In the 2023 data breach, the attackers specifically accessed and exfiltrated the customer proprietary network information (CPNI) data which pertains to critical subscribers’ information maintained by the telecommunication companies in the US. The CPNI consists of information on the services used, the amount paid for the services, and the type of usage opted for.
The compromised data, this time, does not contain personal financial information or call history, according to the company. However, the company admits it is aware that “a number of AT&T passcodes have been compromised.”
“The recent data breach at AT&T, which has exposed sensitive customer information like Social Security numbers, names, dates of birth, and possibly addresses, presents customers with a new set of risks distinct from previous breaches involving CPNI,” said Sakshi Grover, research manager at IDC. “This breach opens the door to various dangers, including financial fraud and identity theft, as Social Security numbers are prime targets for identity thieves, enabling them to open fraudulent accounts or file false tax returns.”
“As of today, this incident has not had a material impact on AT&T’s operations,” AT&T said in the statement issued on Saturday.
Vigilance cautioned
AT&T said it is reaching out to all 7.6M impacted customers and has reset their passcodes. “We encourage customers to remain vigilant by monitoring account activity and credit reports,” the company said.
Additionally, AT&T advised customers to set up free fraud alerts from global credit bureaus, including Equifax, Experian, and TransUnion.