AT&T

Summary

AT&T is notifying approximately nine million wireless customers that an unauthorized user accessed their information after a third-party marketing services vendor was breached. Compromised data includes customer proprietary network information (CPNI), which contains telephone-related details typically found on a monthly billing statement, such as technical information, type of service, current telephone charges, usage data, and calling patterns. Some customers reported that first names, wireless account numbers, phone numbers, and email addresses were also exposed. While no sensitive personal or financial information such as Social Security numbers or account passwords was accessed, AT&T recommends that impacted customers consider adding extra security password protection to accounts. Customers can also opt out of CPNI data sharing. Additionally, customers are urged to use caution with emails purporting to be from AT&T, as scammers often attempt to capitalize on public breaches and deliver phishing emails. Furthermore, cybercriminals may use CPNI in combination with scraped publicly available information or information exposed in other breaches to conduct SIM swapping attacks.