Telecom giant AT&T alerted roughly 9 million customers in March that some of their personal information regarding their wireless account was exposed after a marketing vendor was hacked in January.
The data breach affected AT&T customers nationwide, exposing their first names, email addresses, wireless phone numbers and wireless account numbers. It’s just one of many telecom data breaches anticipated in 2023 that highlight the industry’s weaknesses.
A report from cyber intelligence firm Cyble estimates that more than 74 million U.S. telecom customers have had their data leaked on the dark web so far in 2023. Each attack listed in the report involved breaches at third-party vendors.
“Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan,” AT&T told information security and technology news website BleepingComputer.
AT&T said its systems were not compromised by the hacker and noted the compromised data was primarily related to upgrade eligibility for its devices, Bleeping Computer reported.
“CPNI is information related to the telecommunications services you purchase from us, such as the number of lines on your account or the wireless plan to which you are subscribed,” AT&T said, in its letter to affected customers.
In its letter sent to customers, AT&T said it addressed the data breach by confirming the vulnerability with its vendor has been addressed and fixed and by notifying federal law enforcement, as required by the Federal Communications Commission (FCC).
“Our report to law enforcement does not contain specific information about your account, only that the unauthorized access occurred,” AT&T said.
AT&T advised impacted customers to consider adding its “extra security” password protection to their accounts for no additional cost.