AT&T customer data was exposed in January through a third-party vendor that had been hacked, the carrier confirmed, affecting around nine million customer accounts. This included basic personal information but no financial data or Social Security numbers.
The data that AT&T had provided to the marketing vendor which had been exposed was "mostly related to device upgrade eligibility," according to a statement the provider sent to CNET. It included basic personal information like customer names, account numbers, phone numbers and email addresses, as well as the number of lines on the account, devices used and installment agreement information.
The exposed data didn't include Social Security numbers, credit card information, account passwords or "other sensitive information," the AT&T statement said, and the carrier noted that the data set was several years old.
AT&T said that its own systems were not breached and that it was notifying customers who had been affected.
This is the first time the carrier's customer data has been exposed in years as rival T-Mobile has suffered far greater breaches of its own system. T-Mobile had just wrapped up paying out $350 million to subscribers affected by a 2021 cyberattack when it was hacked again back in January, exposing 37 million customers' data.
Read more: T-Mobile Gets Hacked Again: Is the Un-Carrier Un-Safe?
A small Verizon breach back in October affected 250 prepaid customers.