AT&T alerts millions of customers following major data breach

AT&T data compromised following supply chain attack

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

American telecommunications giant AT&T has warned millions of its users that some of their sensitive data had been exposed in a supply chain cyber-incident.

As per aBleepingComputerreport, the data breach is a result of a hacking incident against an AT&T marketing vendor that happened in January 2023.

Now, the company sent out warnings to approximately nine million of its customers that some of their sensitive data was accessed by an unauthorized third party.

Social Security Numbers intact

“Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told the publication. “The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers.”

The notification did not state exactly how many people were affected by the breach, but the company did tell the media that “9 million wireless accounts” were compromised.

Customer first names, wireless account numbers, wireless phone numbers, as well as email addresses, were exposed, the company added.

Massive Apple iPad data breach reveals 114,000 subscriber emails>T-Mobile tried to buy stolen customer data back, but failed>Here’s our rundown of the best endpoint protection

“A small percentage of impacted customers also had exposure of rate plan name, past due amount, monthly payment amount, various monthly charges and/or minutes used. The information was several years old,” AT&T further stated.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The company confirmed that this was a supply chain attack and that its systems remain uncompromised. Furthermore, it added that the data taken is mostly linked to device upgrade eligibility. Be that as it may, the company did notify the police of the incident.

“We have notified federal law enforcement about the unauthorized access of your CPNI as required by the Federal Communications Commission,” the company told its customers. “Our report to law enforcement does not contain specific information about your account, only that the unauthorized access occurred.”

If you think your sensitive data has been stolen or used against you, then using thebest identity theft protectionservice can help.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

HPE reveals critical security bug affecting networking access points

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

New Secretlab Skins Lite let you overhaul the look of your chair for under $100