AT&T Data Breach Hits Nine Million Customer Accounts

By Adeola Adegunwa
Writer, Informationsecuritybuzz | Mar 13, 2023 08:18 am PST

In the AT&T data breach, nine million user accounts were compromised after a third-party marketing partner was breached. As a result of the breach, customer data, including first names, account numbers, phone numbers, and email addresses, were exposed.

Nonetheless, the compromise did not have an impact on AT&T’s own systems. Customers of AT&T have been alerted to a data breach at one of its third-party vendors, wherein hackers were able to acquire details on customers’ “device upgrade eligibility.”

The significant data breach, which affected over nine million customer accounts, happened in January, the same month that T-Mobile experienced a significant data breach that affected about 37 million postpaid and prepaid accounts.

According to an AT&T representative, as reported by Bleeping Computer, the breach exposed proprietary customer network information, including information about the number of lines on an account or cellular rate plan.

Also disclosed were first names, wireless account numbers, wireless phone numbers, and email addresses, among other personally identifiable information. In some cases, the attack also had an impact on customer data, including monthly payment amounts, past-due sums, rate plans, monthly charges, and/or minutes spent.

The wireless provider acknowledged the security breach on its forum page, in response to a user who questioned the legitimacy of an email sent to consumers affected by a CPNI breach. A company spokeswoman claims that, in accordance with the Federal Communications Commission, federal law enforcement has already been informed about the improper access to CPNI.

The leak did not involve account passwords, Social Security Numbers, or credit card information, which is good news. Also unaffected were AT&T’s internal systems.

AT&T also says the vulnerability has been patched. This most recent hack is the first of its kind that AT&T has experienced in a long time and is evidence that hackers constantly develop new techniques for committing fraud and identity theft.

Why Telecom Sector Is Still At Risk

Cyberattacks in the telecom sector are on the rise, and numerous security researchers forecast that they will become a significant issue in 2023. This is especially true given the growing adoption of IoT devices, the push toward 5G, and the geopolitical context in which telecom companies serve as vital national infrastructure.

Telecommunications businesses have already reported a number of cyber security problems within the first three months of the year. On January 6, a threat actor claimed to have discovered 37 million AT&T customer records on a third-party vendor’s insecure cloud storage. The threat actor distributed a sample of 5 million records.

In the same month, T-Mobile experienced a cybersecurity issue that exposed the private information of 37 million users. The exposed customer information included name, billing address, phone number, date of birth, and T-Mobile account number, as well as details like the features of the plan and the account’s line count.

Threat actors posted an employee list from the Canadian telecommunications giant Telus, which included names and email addresses, for sale on a data breach forum last month.


Citing a hack on a marketing vendor in January, AT&T is informing about 9 million customers that some of their personal data were made available. “Network Customer Proprietary The number of lines on some cellular accounts or wireless rate plans, for example, were made public,” according to AT&T. “There were no account passwords, Social Security Numbers, or other sensitive personal included in the data. Affected consumers are being informed.” Yet, AT&T informed BleepingComputer that “roughly 9 million wireless accounts had their Proprietary Customer Network Information exposed.”

The data breach letter itself does not specify the precise number of users affected. Customer first names, wireless account numbers, wireless phone numbers, and email addresses are all included in the sensitive CPNI data. “A tiny portion of the consumers who were negatively impacted also had their rate plan name, past due balance, monthly payment amount, other monthly charges, and/or minutes spent exposed. The data was dated by several years,” AT&T stated. The business also stated that its systems were unaffected by the vendor security problem and that the leaked data was mainly related to eligibility for device upgrades.

Matt Aldridge, Principal Solutions Architect
InfoSec Expert
March 14, 2023 8:00 am

Seeing AT&T experiencing a data breach involving a third-party company is a wake-up call for all businesses and highlights the need to revisit supply chains for security weak links. The fact that customer names, email addresses and phone numbers were amongst the leaked data creates huge potential for tailored social engineering attacks and identity theft.
Sensitive information such as the customer data stolen in this attack is likely to be very valuable to organised criminals. Businesses of all sizes need to prioritise the security of critical and personal information, as you’re never too small or large to be a target. The key learning lesson here is making sure that not only are your own security processes up to scratch, but also that any third party dealing with sensitive data or accessing your network does so in the right way too.
To limit the impact of these attacks, businesses that hold private information should ensure they have clearly defined security policies and procedures to avoid any leak of information. This starts with employee education, which underscores all effective cyber resilience and data protection strategies. Security awareness training programmes can now inform and educate employees on the latest threats in real-time, including information security, social engineering, malware, and industry-specific compliance topics. Attack simulations can also be used to automatically send users for re-education should any training issues be identified.
