AT&T has been subjected to a data breach and is notifying around nine million customers who were affected. The breach was said to be caused by a marketing vendor being hacked back in January.
AT&T Data Breach
The Customer Proprietary Network Information (CPNI) from millions of wireless accounts have been accessed after the data breach which contains information like a customer's number of lines on an account and wireless rate plans.
The CPNI data exposed include first names, wireless account numbers, wireless phone numbers, and email addresses, according to Bleeping Computer. Fortunately, the exposed data does not include credit card information, Social Security Numbers, and account passwords.
Some of the affected customers in the cyber attack also had their rate plan name, past due amount, monthly payment amount, monthly charges, and minutes used exposed, although AT&T claims that the data was several years old.
The telecommunications company assures that the breach through the marketing vendor did not affect its systems. Regardless, AT&T has already notified federal law enforcement of the breach as was required by the Federal Communications Commission.
The company said so in response to a customer who contacted AT&T via email asking if the notice regarding Customer Proprietary Network Information was a phishing scam. The company also confirmed that the vulnerability has already been fixed.
AT&T advised its customers to make a CPNI Restriction Request to turn off CPNI data sharing and reduce the risk of third parties accessing their data, in the event that the company uses it for marketing purposes.
What to Do After the Attack
If you're worried about the security of your account, you may reset your passcode through your myAT&T profile. Head to "My linked accounts" and then click on "Edit" next to the passcode you want to update. All you have to do next is follow the prompts to finish the process.
For an extra layer of security, Sign In to your myAT&T profile if required, scroll down to My Linked Accounts, and select "Add another account." Once you're in the online security information, head to Account Passcode, and Manage Extra Security.
After that, you can now click on "Add extra security to my account" and enter your passcode. Make sure that your passcode has four characters, and that it is not in a sequential format such as 1234 or 9876.
Since email addresses were among the information accessed, you should watch out for threat actors who may conduct phishing scams. The same can also be done with access to your phone number and full name.
Read Also: AT&T Sues T-Mobile Over False Advertising After Senior Discount Ad Campaign
Other AT&T Attacks
AT&T also suffered a cyber attack back in August 2022, which led to hackers stealing the data of 23 million customers. A cybersecurity firm found stolen data that contained names, Social Security numbers, dates of birth, as well as other information.
Upon analyzing that data, the cybersecurity firm Hold Security determined that the data is likely from both current and former customers, which was based on the data sets' email domains, listed states similar to AT&T internet areas, and more, according to Firewall Times.
Related: T-Mobile API Breach Results to Data Stolen from 37 Million Accounts
