A recent vendor breach has exposed the personal information of millions of AT&T customers.
AT&T is notifying roughly nine million customers by email that their data was taken in the incident.
The attackers did not penetrate AT&T’s own systems. Instead, they compromised a marketing vendor that works with the US telecom provider, allowing the thieves to access customer records maintained by that partner.
All affected customers had CPNI (Customer Proprietary Network Information) stolen, including full names, phone numbers, and email addresses. A smaller group of victims also had more detailed account information exposed, such as their specific service plans, monthly charges, and minutes used.
Many customers posted on AT&T’s community forums about the notification emails. Several users asked whether the messages were phishing attempts; AT&T has confirmed the notices are legitimate.
Nonetheless, customers whose records included detailed account data should be particularly cautious about phishing and other targeted scams. Information such as plan details and monthly charges can make fraudulent messages appear more convincing.
Subscribers can usually opt out of sharing certain data with third parties. While that option comes too late for those already impacted in this breach, it’s a good reminder to review your data-sharing preferences with your carrier and limit what is shared where possible.
Telecom operators remain prime targets for data thieves because of the volume of sensitive customer information they hold.
Earlier this year, rival carrier T-Mobile suffered a large breach that exposed information belonging to about 37 million customers.
“Whether or not sensitive data and financial information were lost isn’t the point. Customer information is a privilege to hold, not a right,” said Sam Curry, Chief Security Officer at Cybereason, at the time of that incident.
T-Mobile’s 2023 breach came less than two years after a major August 2021 incident that revealed highly sensitive data, including driver’s license numbers and Social Security numbers, for tens of millions of customers.
“Hackers are innovative, and companies with valuable data and services are always a target,” Curry added, noting that it remains to be seen whether the 2023 compromises share similarities with the 2021 T-Mobile breach.
(Photo by Harpal Singh on Unsplash)
Interested in learning more about cybersecurity and cloud technologies from industry leaders? Consider attending Cyber Security & Cloud Expo, held in Amsterdam, California, and London, which brings together experts and vendors to discuss current threats and best practices.
You can also explore other upcoming enterprise technology events and webinars organized by TechForge to stay informed about the latest developments in security and the cloud.