“AT&T Customers’ Privacy Breached as Data Thieves Expose Millions of Names and Phone Numbers”

Data Breach at AT&T Impacts Millions of Wireless Subscribers

Unfortunately, data breaches and hacks have become a common occurrence in our online lives. Any server storing personal information of millions of users is prone to malicious attacks that can lead to the harvesting of data. Data breaches of carriers, social networks, and other entities are frequently reported in the news. Although the consequences are not always dire, users often have to clean up their mess after such incidents occur. Recently, we learned about a new data breach affecting millions of wireless subscribers, organized by AT&T.

AT&T Warns its Customers About the Breach

About 9 million of its customers have received an email from AT&T, warning them about a vendor hack. Multiple people confirmed receiving the email and were unsure whether it was part of a phishing scheme (via Bleeping Computer). AT&T confirmed that an attack occurred on a marketing vendor, and not on AT&T itself.

Exposed Information of the Affected Users

The personal data of affected users, such as phone numbers, full names, email addresses, and data points like plans, monthly charges, and minutes used, was exposed. However, more sensitive information, such as payment methods and Social Security numbers, were not disclosed. Therefore, credit card charges related to this attack are unlikely to occur.

Action for Affected Users

AT&T has sent notifications of the breach to its customers. At this point, no official action is required, but users should be wary of any unusual activity related to their AT&T-linked phone numbers. They might also want to opt out of AT&T using and sharing their Customer Proprietary Network Information (CPNI) as that’s how the breach happened. Law enforcement has also been informed about the breach, but personal information was not shared with them.

Similar Hacks at Other Carriers

In another incident in January, hackers attacked a third-party Verizon vendor, resulting in a data breach. However, the data dump released on an open forum did not contain personally identifiable information. Verizon has since ended its association with the vendor.