Data breaches are an all-too-common fact of modern life. They can\u2019t always be avoided, but when a major company is hit, its customers have every right to be notified immediately. So why did AT&T Mobility take at least one month to notify its wireless customers that their personal data, including social security numbers and call records, had been exposed?\n\tPlenty of reporters, including me, have asked the company to explain the delay. It hasn\u2019t. The company now acknowledges that the breach occurred two months ago. It says it learned about the situation in May and eventually sent letters to the customers at risk.\n\tThe breach took place between April 9 and April 21, 2014, but wasn\u2019t disclosed until last week in a filing with the California Public Utilities Commission. While AT&T wouldn't say how many customers were affected, state law requires such disclosures if an incident affects at least 500 customers in California.\n\tHere\u2019s what AT&T spokesman Mark Siegel said in a statement that was emailed to reporters:\n\t"We recently learned that three employees of one of our vendors accessed some AT&T customer accounts without proper authorization," the company said in a statement...This is completely counter to the way we require our vendors to conduct business. We know our customers count on us and those who support our business to act with integrity and trust, and we take that very seriously. We have taken steps to help prevent this from happening again, we are notifying affected customers, and we have reported this matter to law enforcement," it said.\n\tThe company was a bit more forthcoming in the letter it mailed to customers. It said the breach was related to the codes used to unlock a cell phone and the associated services. Locked cell phones can only be used on the networks of the carriers that sell them; once unlocked, they can be used on any compatible network.\n\tWhat steams me is the delay in notifying customers. The longer someone\u2019s personal data is out there, the more opportunities there are for fraud. Most companies swallow their embarrassment and quickly notify customers.\n\tP.F. Chang\u2019s China Bistro, a popular chain restaurant, learned last Tuesday that its defenses had been breached, and by Friday the company had notified customers. As quick as that was, one of my colleagues had to deactivate a number of credit cards he\u2019d used at the restaurant because bogus charges had already appeared on his accounts.\n\tSeriously? P.F. Chang\u2019s can handle a data breach better than one of the largest telecommunications companies in the world? Shame on you, AT&T. I simply don\u2019t understand why the company waited so long. What\u2019s more important than guarding the security of its customers? My advice: Don\u2019t recycle the next piece of snail mail you get from AT&T until you read it.