AT&T Alerts 9 Million Customers of Data Breach Following Vendor Hack
AT&T has revealed that an unauthorized individual accessed the Customer Propriety Network Information (CPNI) of approximately 9 million wireless customers via a vendor’s system. The affected customers are being notified by AT&T of the data breach.
The company has disclosed that the CPNI of some wireless accounts was exposed in the breach, including details such as the number of lines on an account or wireless rate plan.
It has been clarified that the exposed information did not include sensitive personal data such as Social Security Numbers, credit card information, or account passwords. The affected customers are being notified of the breach by AT&T.
The exposed CPNI data reportedly includes the first names of customers, email addresses, wireless phone numbers, and wireless account numbers.
According to AT&T, a small percentage of affected customers also had their rate plan name, monthly payment amount, past due amount, various monthly charges, and minutes used exposed in the breach. The company has stated that the exposed information was several years old.
The systems were not directly compromised in the vendor security incident that led to the data breach. The company clarified that the exposed data is mostly associated with device upgrade eligibility.
AT&T has stated that it has notified federal law enforcement agencies about the unauthorized access of its customers’ CPNI data, as required by the Federal Communications Commission. The company has also informed the affected customers about the breach through CPNI breach notification letters.
AT&T is advising its customers to toggle off CPNI data sharing on their accounts to reduce exposure risks in the future. Customers can make a CPNI Restriction Request to limit the sharing of their CPNI data for third-party vendor marketing purposes. This will help prevent unauthorized access to their data through third-party vendors in the future.