What you need to know
- AT&T has confirmed that some nine million customer accounts have been exposed after a third-party marketing vendor has been hacked.
- Customer information such as first names, account numbers, phone numbers, and email addresses were compromised as a result of the data breach.
- AT&T's own systems were not affected by the breach, nonetheless.
AT&T has informed customers that one of its third-party vendors experienced a data breach in which attackers were able to gain access to information related to customers' "device upgrade eligibility."
The massive security breach impacted approximately nine million customer accounts, and it took place in January, the same month that T-Mobile suffered a massive data breach affecting approximately 37 million postpaid and prepaid accounts.
An AT&T representative was quoted by Bleeping Computer as saying that the incident compromised Customer Proprietary Network Information, which includes data about the number of lines on an account or wireless rate plan. Additionally, personally identifiable information such as first names, wireless account numbers, wireless phone numbers, and email addresses were exposed.
In some instances, the hack also impacted customer information such as monthly payment amount, past due amount, rate plan name, and monthly charges and/or minutes used.
The wireless carrier acknowledged the security breach in response to a customer who inquired on its forum page whether an email sent to customers affected by a CPNI breach was legitimate. According to a company spokesperson, federal law enforcement has already been notified about the unauthorized access of CPNI in accordance with the Federal Communications Commission.
The good news, sort of, is that the breach did not include credit card information, Social Security Number, or account passwords. AT&T's own systems were not compromised as well.
AT&T also confirmed that the vulnerability has been fixed. This most recent hack is the first such incident that AT&T has had to deal with in a long time and is proof that hackers never run out of ways to commit fraud and identity theft.
