The telecommunications giant AT&T has reached out to customers over a third-party data breach that exposed user details. The company said nine million accounts might have been exposed.
One of the world’s largest telecom providers, AT&T started sending out letters to its users over a data breach that one of its vendors suffered.
“We recently determined that an unauthorized person breached a vendor’s system and gained access to your Customer Proprietary Network Information (CPNI),” AT&T’s breach notification letter said.
According to AT&T, around nine million wireless accounts had their CPNI exposed. Threat actors accessed data that “was several years old” and related to device upgrade eligibility.”
“A vendor that we use for marketing experienced a security incident. Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told Cybernews.
The company said that the exposed data did not include credit card information, any passwords or social security numbers.
AT&T said the breach prompted it to contact law enforcement agencies as well as the Federal Communications Commission (FCC).
“Our report to law enforcement does not contain specific information about your account, only that the unauthorized access occurred,” the company said.
Last October, the Everest ransomware gang said it supposedly breached AT&T, adding the company on its dark-web blog on a website cybercriminals use to claim victims. However, the company did not confirm it was hacked at the time.
In April 2022, a threat actor posted an ad on a popular hacker forum, allegedly selling 70 million records that supposedly belong to AT&T. The company denied the data was leaked.
AT&T has suffered a data breach before. In 2015, the company agreed to pay a $25 million fine for an insider breach.
AT&T is among the largest corporations in the US. The company is the largest mobile services provider in the country and was estimated by Statista to control 44.8% of the country’s wireless subscriptions in the third quarter of last year.
Updated on March 13 with a comment from AT&T.
More from Cybernews:
Subscribe to our newsletter