AT&T alerts millions of customers following major data breach

Data Breach
(Image credit: Shutterstock)

American telecommunications giant AT&T has warned millions of its users that some of their sensitive data had been exposed in a supply chain cyber-incident.

As per a BleepingComputer report, the data breach is a result of a hacking incident against an AT&T marketing vendor that happened in January 2023. 

Now, the company sent out warnings to approximately nine million of its customers that some of their sensitive data was accessed by an unauthorized third party. 

Social Security Numbers intact

"Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan," AT&T told the publication. "The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers."

The notification did not state exactly how many people were affected by the breach, but the company did tell the media that “9 million wireless accounts” were compromised.

Customer first names, wireless account numbers, wireless phone numbers, as well as email addresses, were exposed, the company added.

"A small percentage of impacted customers also had exposure of rate plan name, past due amount, monthly payment amount, various monthly charges and/or minutes used. The information was several years old," AT&T further stated.

The company confirmed that this was a supply chain attack and that its systems remain uncompromised. Furthermore, it added that the data taken is mostly linked to device upgrade eligibility. Be that as it may, the company did notify the police of the incident.

"We have notified federal law enforcement about the unauthorized access of your CPNI as required by the Federal Communications Commission," the company told its customers. "Our report to law enforcement does not contain specific information about your account, only that the unauthorized access occurred.”

If you think your sensitive data has been stolen or used against you, then using the best identity theft protection service can help.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.