AT&T Vendor Breach Exposes Data on 9M Wireless Accounts

AT&T is notifying customers of a Customer Proprietary Network Information compromise, exposing years-old upgrade details.

Dark Reading Staff, Dark Reading

March 9, 2023

1 Min Read
AT&T wireless storefront
Source: Jen Pham via Alamy Stock Photo

A compromise of an unnamed marketing vendor used by AT&T has exposed data associated with nearly 9 million wireless telecom accounts.

The breached data did not contain payment information, account passwords, Social Security numbers, or other personally identifiable information, AT&T said in a statement provided to Dark Reading. Instead, the cyberattack allowed unauthorized access to information used to determine eligibility it said, characterizing the data as years old. 

The mobile carrier is notifying affected customers, it said. According to notification letter in an AT&T Community forum.

"We recently determined that an unauthorized person breached a vendor's system and gained access to your Customer Proprietary Network Information (CPNI)," the data breach notification letter in the AT&T community forum read. "In our industry, CPNI is information related to the telecommunications services you purchase from us, such as the number of lines on your account or the wireless plan to which you are subscribed."

It added, "​We have notified federal law enforcement about the unauthorized access of your CPNI as required by the Federal Communications Commission. Our report to law enforcement does not contain specific information about your account, only that the unauthorized access occurred.​"

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights