The company’s marketing vendor suffered a security failure in January and exposed CPNI data that included first names, wireless account numbers, wireless phone numbers, and email addresses. Credit: AndreyPopov / Getty Images AT&T is informing customers about a data breach at a vendor’s system that allowed threat actors to gain access to AT&T’s Customer Proprietary Network Information (CPNI).The incident came to light after customers posted the email communication from AT&T on community forums to know if it was legitimate or email fraud.“We recently determined that an unauthorized person breached a vendor’s system and gained access to your ‘Customer Proprietary Network Information’ (CPNI),” AT&T said in the email. About nine million customers affectedApproximately nine million customers’ CPNI was accessed by the threat actors, according to a statement given by the company to Bleeping Computer. CPNI is the information that telecommunication companies in the US acquire about subscribers and includes information on the services they use, the amount paid for the services, and the type of usage. This information is used by third-party communication vendor companies for marketing purposes. Accessing CPNI information typically requires a warrant from a law enforcement agency.“In our industry, CPNI is information related to the telecommunications services you purchase from us, such as the number of lines on your account or the wireless plan to which you are subscribed,” AT&T said in its email to affected customers assuring them that no sensitive personal or financial information such as social security number or credit card information was accessed. AT&T’s marketing vendor suffered a security failure in January. Exposed CPNI data of AT&T customers included first names, wireless account numbers, wireless phone numbers, and email addresses.Some impacted customers also had exposure of past due amount, monthly payment amount, and various monthly charges and/or minutes used, AT&T told the publication adding that the information was several years old. The data exposed mostly related to device upgrade eligibility and did not affect the company systems.In its email to the affected customers, the company confirmed that the marketing vendor has fixed the vulnerability. AT&T has also notified the federal law enforcement agencies about the incident. “Our report to law enforcement does not contain specific information about your account, only that the unauthorized access occurred,” AT&T said in its email. The company also offered the customers an option to add extra security to their password free of cost. Telecom services remain vulnerableCyberattacks against the telecom industry are soaring, and several security researchers have predicted it will be a major concern in 2023. This is specifically because of the increased use of IoT devices, push towards 5G and the geopolitical conditions as telecom companies provide critical infrastructure for nations.Within the first three months of the year, telecommunication companies have already reported several cyber security incidents. On January 6, a threat actor claimed to have found a third-party vendor’s unsecured cloud storage containing 37 million AT&T client records. The threat actor shared a sample of 5 million records.In the same month, T-Mobile suffered a cybersecurity incident that resulted in the exposure of the personal details of 37 million users. Customer data such as customer name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features were exposed. Last month, an employee list comprising of names and email addresses of Telus, a Canadian telecommunication company, was put up for sale on a data breach forum by threat actors. Related content opinion Sleuthcon: Cybercrime emerges in Morocco and law enforcement gets creative At this year’s cybercrime-oriented conference Sleuthcon, Morocco emerged as a locus of cybercrime, while UK and US law enforcement highlighted how creative they've become in shaming and disrupting criminal groups. By Cynthia Brumfield Jun 10, 2024 8 mins Advanced Persistent Threats Hacker Groups Government feature AI system poisoning is a growing threat — is your security regime ready? NIST, security leaders warn that hackers will launch more poisoning attacks as artificial intelligence use increases, testing the strength of today’s security programs By Mary K. Pratt Jun 10, 2024 9 mins Cyberattacks Threat and Vulnerability Management Security Practices news Spam blocklist SORBS shuts down after over two decades The service was unsustainable but those in the email deliverability industry expressed mixed feelings about the closure. By Evan Schuman Jun 07, 2024 4 mins Email Security Antispam news analysis New RansomHub ransomware gang has ties to older Knight group File encryption malware used by RansomHub appears to be a modified variant of the Knight ransomware, also known as Cyclops. By Lucian Constantin Jun 07, 2024 4 mins Hacker Groups Ransomware Hacking PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe