The US telecommunications giant AT&T recently notified its customers of a data breach, allowing attackers to obtain information related to customers’ “device upgrade qualifications”.
The serious security breach, which affected approximately 9 million customer accounts, occurred in January 2023. IT Home noted that this was also the same month that T-Mobile suffered a massive data breach. T-Mobile’s data breach affected approximately 37 million postpaid and prepaid accounts.
An AT&T representative said in an interview that the breach exposed Customer Proprietary Network Information (CPNI), which includes data such as the number of lines on an account or wireless plans.
READ ALSO: Revealed: name of 9-year-old girl shot to death in Bolingbrook home invasion
Additionally, personally identifiable information such as names, wireless account numbers, wireless phone numbers, and email addresses were also exposed. In some cases, the hackers also obtained other customer information, such as monthly payment amounts, past due amounts, package names, and monthly charges and/or usage minutes.
According to an AT&T spokesman, federal law enforcement has been notified of the unauthorized access to CPNI in accordance with FCC regulations.
Fortunately, no credit card information, Social Security numbers or account passwords were involved in the data breach, and AT&T’s own systems were not compromised.
AT&T also confirmed that it has fixed the vulnerability, which is the first time AT&T has faced such an incident in a long time.