Data breaches and hacks seem to be a normal part of our online lives by this point. If it’s tied to a server storing the personal info of millions of users, malicious actors can (and will) get past its defenses and harvest all that data. We’ve seen news about these breaches against carriers, social networks, and everything in between. And while the fallout is rarely that bad, there’s always some cleaning up to do on our part. Now, we’re hearing about a new data breach that is affecting millions of wireless subscribers.
This time around, it’s AT&T sending out emails to about 9 million of its customers, warning them of a vendor hack. Those emails were discussed on AT&T’s forums with multiple people confirming that they also got the email and were unsure whether it was part of a phishing scheme or not (via Bleeping Computer). The company did confirm that it sent the email and that an attack took place — the target was not AT&T itself, but a marketing vendor.
Still, affected users had sensitive CPNI (Customer Proprietary Network Information) exposed, including phone numbers, full names, and email addresses as well as data points like plans, monthly charges, and minutes used on a smaller subset of users. More sensitive information, such as payment methods and Social Security numbers, was not exposed as a result of this breach, so you shouldn’t see strange charges on your credit card as a direct result of this attack.
If you were affected, you should’ve received an email notifying you of the breach. Action is not officially being advised at this point, though you should remain especially vigilant regarding any weird activity with your AT&T-linked phone number. You also might want to, however, opt out of AT&T using and sharing your CPNI to third parties since that’s how this breach happened. Law enforcement has also been notified of the breach as well, though your personal information wasn’t shared with them.
In January, one of the third-party vendors for Verizon was attacked by hackers. The resulting data dump was released onto an open forum, but contained no personally identifiable information. Verizon has since cut ties with the vendor.
