AT&T is notifying 9 million customers of data breach after a third-party vendor hack
Telecom giant AT&T is notifying 9 million of its customers that some of their information was exposed after a third-party vendor was hacked. “We recently determined that an unauthorized person breached a vendor’s system and gained access to your “Customer Proprietary Network Information (CPNI)”, reads the data breach communication sent by AT&T to the impacted customers. “However, please rest assured that no sensitive personal or financial information such as Social Security number or credit card information was accessed”, continues the communication. Passwords or personal information wasn’t breached either.
Exposed CPNI data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses.
“A small percentage of impacted customers also had exposure of rate plan name, past due amount, monthly payment amount, various monthly charges, and/or minutes used. The information was several years old”, said AT&T.
In its email to the affected customers, AT&T confirmed that the marketing vendor has fixed the vulnerability. The company has also notified the federal law enforcement agencies about the incident.
Customers are advised to toggle off CPNI data sharing on their accounts, by making a CPNI Restriction Request to reduce exposure risks in the future if AT&T uses it for third-party vendor marketing purposes.
Read more about it here.