AT&T confirmed Friday that attackers compromised the personal information of an undisclosed number of AT&T Mobility members.

AT&T just revealed that outside attackers — allegedly employees of one of AT&T’s service providers — stole a trove of personal information on AT&T Mobility customers. AT&T says the stolen information includes Social Security numbers and call records, i.e. details about the date, time, duration and other phone number for every phone call customers make. AT&T would not disclose the number of affected users.

MORE: Scariest Security Threats Headed Your Way

AT&T believes that the attackers were seeking to sell stolen AT&T phones on second-hand markets and hacked the AT&T database in order to get “unlock codes” for the phones, which would let the thieves disconnect the stolen phones from the AT&T network, thus letting the phones reconnect to other mobile networks. This makes the phone far more valuable in secondhand markets.

The AT&T Mobility breach apparently occurred on April 9 through 21, two months ago, but AT&T only just revealed it now, as a California state law requires all companies with 500 or more Californian customers to self-report if they have suffered a data breach.

The good news is, if the criminals are truly most interested in unlocking stolen phones, then only stolen phones are at risk. But because social security numbers were included as well, users should take steps to protect their identity, such as placing an alert on their credit report to watch for fraud.

Email jscharr@tomsguide.com or follow her @JillScharr and Google+. Follow us @TomsGuide, on Facebook and on Google+.

Copyright 2014 Toms Guides , a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.