Severe AT&T Data Breach Compromises Over 9 Million Customer Accounts

A third-party AT&T vendor vulnerability being exploited led to over 9 million customer accounts being compromised.

By Wendy Hernandez | Published

AT&T uber microsoft hacking

AT&T recently reported a data breach that has put the personal information of more than 9 million customers at risk. Apparently, a security flaw in a third-party vendor that helps AT&T with customer service led to the breach. The vendor, which AT&T has declined to name, reported that some customer’s basic personal information was accessed, but not their financial information or Social Security numbers.

According to a statement provided to CNET by AT&T, the exposed data provided to the marketing vendor mostly pertained to device upgrade eligibility. AT&T also assured that its systems were not compromised. In a newly released statement to The Register , an AT&T spokesperson said:

“A vendor that we use for marketing experienced a security incident. Customer Proprietary Network Information from some wireless accounts was exposed, such as the number of lines on an account or wireless rate plan. The information did not contain credit card information, Social Security Number, account passwords or other sensitive personal information. We are notifying affected customers.”

Phone companies like AT&T and T-Mobile are very concerned about data breaches, and they take them very seriously. When a breach happens, these companies move quickly to limit the damage and prevent attacks from happening again. 

In regards to that recent AT&T breach, the company ended its contract with the third-party vendor that was responsible for the breach and gave affected customers free credit monitoring.

T-Mobile has also had data breaches in the past and has taken similar steps to fix them, like offering free credit monitoring and improving security. These companies know how important it is to keep their customers’ information safe and take steps to prevent future breaches.

AT&T has stated that it will work with law enforcement to investigate the breach and hold those responsible accountable. However, the fact that a third-party vendor was able to access and compromise the personal information of AT&T customers raises questions about the security measures in place at AT&T and its vendors.

As noted by Paul Bischoff, privacy advocate and editor at Comparitech, “It’s a common practice for companies to outsource customer service, but they must ensure that their third-party vendors adhere to the same security standards that they do. It’s ultimately the responsibility of the company to protect its customers’ data.”

This is not the first time that AT&T has experienced a data breach. In 2014, the company was fined $25 million for failing to protect customer data. In that case, hackers were able to access customer records by exploiting a vulnerability in the company’s systems.

The recent breach serves as a reminder that companies must take the necessary steps to protect their customers’ data. As stated by David Kennedy, CEO of cybersecurity firm TrustedSec, “Companies must be proactive in their approach to security. They must regularly assess their vulnerabilities and take action to prevent breaches from occurring.”

AT&T’s response to the breach is commendable, but the fact remains that sensitive customer data was compromised. It is important that companies take a proactive approach to security to prevent future breaches from occurring. Customers must also be vigilant and take steps to protect themselves from identity theft and fraud.