By Sergiu Gatlan | March 9. 2023
“AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January.
“Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told BleepingComputer.
“The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers.”
While the data breach notification does not share the number of impacted customers, AT&T told BleepingComputer that “approximately 9 million wireless accounts had their Customer Proprietary Network Information accessed.”
Exposed CPNI data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses.
“A small percentage of impacted customers also had exposure of rate plan name, past due amount, monthly payment amount, various monthly charges and/or minutes used. The information was several years old,” AT&T said.
The company added that its systems were not compromised in the vendor security incident and that the exposed data is mostly associated with device upgrade eligibility.
Law enforcement alerted of the breach
“We have notified federal law enforcement about the unauthorized access of your CPNI as required by the Federal Communications Commission,” AT&T says in the CPNI breach notification letters, first spotted by DataBreaches.net and sent from firstname.lastname@example.org.”
Visit Bleeping Computer to read full article.