The operator has informed affected customers after a marketing vendor suffered a security failure in January

The breach exposed Customer Proprietary Network Information (CPNI) for around nine million wireless customers.

CPNI includes details on the type of services customers receive, the amount paid for those services, and the eligibility for customers to upgrade; it does not include sensitive information, like credit card information or Social Security numbers.

AT&T say that the CPNI accessed was “several years old”.

The operator communicated to customers that the data had been compromised as a result of a breach of an unnamed vendor’s security systems – a vulnerability that has since been fixed.

Nonetheless, the AT&T email encouraged customers to add “extra security” password protection to theirs account at no cost.

AT&T notes that the breach has been reported to the relevant authorities, telling customers that this report does not include any specific details about their accounts.

Massive data breaches are already becoming worryingly common in 2023, with AT&T’s rival T-Mobile admitting that account information had been compromised in for 37 million customers back in January.

How is the US telecoms market evolving in 2023? Join the discussion at this year’s live Connected America conference in Dallas, Texas later this month

Also in the news:
Viasat–Inmarsat merger gets provisional greenlight from CMA
Verizon shuffles executive team in search of growth
Ericsson to pay DoJ $206.7m over bribery scandal