A vendor hack has resulted in the data of millions of AT&T customers being stolen.
AT&T is sending emails to around nine million customers to alert them of the theft of their data.
The attackers did not breach AT&T directly but compromised the systems of a marketing vendor used by the US telecom giant.
All impacted users had CPNI (Customer Proprietary Network Information) stolen, including phone numbers, full names, and email addresses. A smaller subset also had information such as their specific plans, monthly charges, and the minutes they’ve used exposed.
Numerous customers took to AT&T’s forums to discuss the emails received from the operator.
Many customers enquired as to whether the emails were phishing attempts. AT&T confirmed they were legitimate emails.
However, affected users – especially those that had specific details such as their plans and monthly charges stolen – should now be extra vigilant about phishing attempts.
Customers are usually able to opt-out of allowing their data to be shared with third-parties. While it’s too late for impacted AT&T customers in this incident, it may be worth taking the opportunity to review your current data-sharing agreement with your operator.
Operators continue to be key targets for data thieves.
Earlier this year, AT&T rival T-Mobile suffered a hack that resulted in the data of around 37 million customers being stolen.
“Whether or not sensitive data and financial information were lost isn’t the point. Customer information is a privilege to hold, not a right,” commented Sam Curry, Chief Security Officer at Cybereason, at the time.
T-Mobile’s latest breach came less than two years after one that occurred in August 2021 that exposed sensitive information – including driving license and social security numbers – of tens of millions of its customers.
“Hackers are innovative, and companies with valuable data and services are always a target, but it remains to be seen if the compromises in 2023 are similar to the ones suffered by T-Mobile in 2021,” added Curry.
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.