Hackers accessed personal data from 9 million AT&T customers

What simply occurred? Many AT&T prospects not too long ago acquired an e mail saying hackers accessed their Buyer Proprietary Community Info (CPNI). Traditional phishing vocabulary, however the alert is not a rip-off. Customers ought to take steps to safe their AT&T account, together with fortifying their password and submitting a CPNI restriction request.

Telecom supplier AT&T not too long ago alerted prospects {that a} cyberattack uncovered some info from their accounts. No bank card knowledge, social safety numbers, passwords, or dates of delivery received out, however the hack uncovered some particulars relating to customers’ cellphone plans.

Info in danger contains buyer first names, e mail addresses, variety of traces on accounts, system sorts, system improve eligibility, price plan names, overdue quantities, month-to-month cost quantities, and minutes used. The corporate informed Bleeping Pc that the breach affected about 9 million accounts.

Hackers aimed the January assault at considered one of AT&T’s advertising and marketing distributors quite than the corporate itself. The supplier did not determine the seller however mentioned the attackers exploited one of many vendor’s safety vulnerabilities, which has since been patched. The corporate additionally contacted federal regulation enforcement as legally required, assuring prospects that it did not share private account info with authorities.

Impacted prospects ought to enable further password protections, like logging in with a PIN. A PIN will shield customers’ accounts from unhealthy actors calling AT&T and impersonating them utilizing the non-public info they obtained. Prospects can even request CPNI restrictions, which restrict however don’t cease the corporate from advertising and marketing further merchandise to customers.

Rival supplier T-Cellular suffered a extra important assault in January. The breach impacted 37 million prospects exposing names, billing addresses, e mail addresses, cellphone numbers, dates of delivery, account numbers, and repair plan info. Nonetheless, no social safety numbers or passwords have been leaked.

The corporate theorized the attacker used an API to entry the info beginning final November till the corporate detected and stopped their actions on January 5. One other breach final summer time affected 77 million T-Cellular prospects, after which the corporate settled a class-action lawsuit for $350 million.

The final main cybersecurity incident involving AT&T was in August 2021, when the infamous menace actor ShinyHunters allegedly tried to promote the non-public info of 70 million prospects. The telecom titan denied that the info cache originated from its techniques, however ShinyHunters insisted on its authenticity, offering the database for $200,000. Just like the hack this January, the knowledge might have come from one of many firm’s companions.