The Wall Street Journal reports that a group of computer experts called Goatse Security claimed responsibility for exposing the e-mail addresses. The technique the group allegedly used finds numbers on AT&T's website to identify iPad users. Those numbers allowed the group to find user e-mail addresses.
AT&T released a statement following the breach:
"AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.
This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.
The person or group who discovered this gap did not contact AT&T.
We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.
We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted."
AT&T is the sole U.S. provider of wireless service for Apple's iPad and iPhone.