American telecommunications giant AT&T has warned millions of its users that some of their sensitive data (opens in new tab) had been exposed in a supply chain cyber-incident.
As per a BleepingComputer report, the data breach is a result of a hacking incident against an AT&T marketing vendor that happened in January 2023.
Now, the company sent out warnings to approximately nine million of its customers that some of their sensitive data was accessed by an unauthorized third party.
Social Security Numbers intact
"Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan," AT&T told the publication. "The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers."
The notification did not state exactly how many people were affected by the breach, but the company did tell the media that “9 million wireless accounts” were compromised.
Customer first names, wireless account numbers, wireless phone numbers, as well as email addresses, were exposed, the company added.
> Massive Apple iPad data breach reveals 114,000 subscriber emails (opens in new tab)
> T-Mobile tried to buy stolen customer data back, but failed (opens in new tab)
> Here's our rundown of the best endpoint protection (opens in new tab)
"A small percentage of impacted customers also had exposure of rate plan name, past due amount, monthly payment amount, various monthly charges and/or minutes used. The information was several years old," AT&T further stated.
The company confirmed that this was a supply chain attack and that its systems remain uncompromised. Furthermore, ti added that the data taken is mostly linked to device upgrade eligibility. Be that as it may, the company did notify the police of the incident.
"We have notified federal law enforcement about the unauthorized access of your CPNI as required by the Federal Communications Commission," the company told its customers. "Our report to law enforcement does not contain specific information about your account, only that the unauthorized access occurred.”
- These are the best firewalls (opens in new tab) right now
Via: BleepingComputer (opens in new tab)