Jump to content
Login new information ×
Remember, Matrix ×
Login new information
  • Security & Privacy News

    AT&T alerts 9 million customers of data breach after vendor hack

    alf9872000

    By alf9872000,
    Published Date:

    • 325 views
    • 2 minutes
     Share
    • 325 views
    • 2 minutes

    AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.

     

    "Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan," AT&T told BleepingComputer.

     

    "The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers.

     

    While the data breach notification does not share the number of impacted customers, AT&T told BleepingComputer that "approximately 9 million wireless accounts had their Customer Proprietary Network Information accessed."

     

    The company said the exposed data set was several years old and is mostly associated with device upgrade eligibility. It added that none of its systems were compromised in the vendor security incident.

     

    The exposed CPNI data includes information related to its services, such as the number of lines linked to a customer's account or the wireless plan to which they are subscribed, according to AT&T.

     

    However, AT&T's privacy policy says that while CPNI doesn't include the users' telephone number, name, and address, it does contain "details about who you've called."

    Law enforcement alerted of the breach

    "We have notified federal law enforcement about the unauthorized access of your CPNI as required by the Federal Communications Commission," AT&T says in the CPNI breach notification letters, first spotted by DataBreaches.net and sent from [email protected].

     

    "Our report to law enforcement does not contain specific information about your account, only that the unauthorized access occurred."

     

    Customers are advised to toggle off CPNI data sharing on their accounts by making a CPNI Restriction Request to reduce exposure risks in the future if AT&T uses it for third-party vendor marketing purposes.

     

    An AT&T spokesperson is yet to reply to an email asking for more info on what specific information was exposed in the incident and what vendor was breached for this data to be exposed.

     

    In August 2021, AT&T denied a data breach after a notorious threat actor put up for sale a database containing what he claimed to be the personal information of 70 million AT&T customers.

     

    Source

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...