AT&T is notifying millions of customers of data breach after a third-party vendor hack

AT&T
is
warning
some
of
its
customers
that
some
of
their
information
was
exposed
after
the
hack
of
a
third-party
vendor’s
system.

AT&T
is
notifying
millions
of
customers
that
some
of
their
information
was
exposed
after
a
third-party
vendor
was
hacked.

CPNI
is
information
related
to
the
telecommunications
services
purchased
by
the
customers,
including
the
number
of
lines
for
each
account
or
the
wireless
plan
to
which
customers
are
subscribed.

“We
recently
determined
that
an
unauthorized
person
breached
a
vendor’s
system
and
gained
access
to
your
“Customer
Proprietary
Network
Information”
(CPNI).”
reads
a


data
breach
communication
sent
by
the
company
to
the
impacted
customers.
“However,
please
rest
assured
that
no
sensitive
personal
or
financial
information
such
as
Social
Security
number
or
credit
card
information
was accessed.”​

Exposed
data
don’t
include
financial
information
(i.e.
credit
card
data)
or
sensitive
data
(i.e.
Social
Security
Number,
account
passwords).

The
vendor
was
hacked
in
January,
and
AT&T
told
its
customers
that
vulnerability
exploited
by
the
attackers
has
been already
fixed.
The
Telco
giant
added
that
its
systems
were
not
compromised.

The
company
has
notified
federal
law
enforcement,
but
the
data
breach
notification
does
not
provide
the
number
of
impacted
customers.

“Our
report
to
law
enforcement
does
not
contain
specific
information
about
your
account,
only
that
the
unauthorized
access
occurred.​”

continues
the
notice.

BleepingComputer


reported
that
approximately
9
million
wireless
accounts
were
impacted.

The
company
recommends
its
customers
to
add
an
“extra
security”
password
protection
to
their
account
at
no
cost.

On
August
2021,

ShinyHunters group


claimed
to
have
obtained
a
database
containing
private
information
on
roughly
70
million
AT&T
customers,
but
the
company
denied
that
they
have
been
stolen
from
its
systems.

Follow
me
on
Twitter:


@securityaffairs
and


Facebook
and


Mastodon

Pierluigi Paganini

(SecurityAffairs –

hacking,
AT&T)

Share
On

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts