AT&T has confirmed that a security breach on the iPad 3G exposed the e-mail addresses and ICC IDs of its customers before the company was able to fix the problem on Tuesday.
A group of computer experts named after an Internet shock website, Goatse Security, is claiming responsibility for the breach, which was first reported by Gawker.com.
“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDs,” AT&T said in a prepared statement. “This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.”
AT&T said it was not contacted by the “person or group” who discovered the security breach.
More than 100,000 iPad customers are believed to be affected by the breach. Gawker claims the e-mail addresses of employees at Goldman Sachs, JP Morgan, NASA, Homeland Security and the FCC were among those comprised by the breach.
AT&T says the only information that can be derived from the exposed ICC IDs is the e-mail address attached to that device and says it will inform all customers whose e-mail addresses and ICC IDs may have been obtained.
The integrated circuit card identification provides the serial number for the iPad’s SIM card to authenticate users on AT&T’s network. AT&T did not respond to whether the security breach could expose additional personal information stored on the iPad SIM card.
Apple did not respond to requests for comment by press time. It is not clear what responsibility, if any, Apple shares for the security problem on the iPad.
AT&T chief security officer Ed Amoroso told The Wall Street Journal that the security breach stemmed from an effort to make it easier for iPad subscribers to renew their prepaid wireless service.