Telecommunications giant AT&T has confirmed that nearly nine million of its wireless customers’ account details were accessed by unauthorized individuals after a vendor’s network was breached in January. This article will provide an overview of the breach, what data was compromised, and what steps AT&T has taken to address the situation.
The Breach
According to AT&T, a vendor’s network was breached in January, and nearly nine million wireless customers’ account details were accessed by the attackers. While AT&T’s systems were not compromised, the records that were accessed included customer proprietary network information, which is regulated under the law. This includes information about a customer’s account, such as their phone number, billing address, and call records.
What Data Was Compromised?
AT&T has assured its customers that the data accessed by the attackers was “several years old” and “mostly relating to device upgrade eligibility.” However, this still includes sensitive information that could be used for fraudulent purposes. In addition to customer account details, the attackers also gained access to the Social Security numbers and dates of birth of some customers.
AT&T’s Response
AT&T has taken swift action in response to the breach. The vendor responsible for the breach has addressed the security shortcomings that led to the attack. AT&T has also notified federal law enforcement about the unauthorized access. The telecommunications giant has recommended that customers add extra security password protection to their accounts, which will be provided at no charge. However, AT&T has declined to identify the vendor responsible for the breach.
Conclusion
This is not the first time AT&T has faced a security breach. In a similar incident last summer, the data of 23 million Americans, likely belonging to AT&T customers, was discovered for sale on the dark web. This breach highlights the importance of robust security measures to protect customer data. It also serves as a reminder for individuals to take steps to protect their personal information from cybercriminals.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.
