Telecom giant AT&T informed that around 9 million customer records were exposed in third party data breach. The breach occurred at vendor’s system allowing attackers to access Customer Proprietary Network Information (“CPNI”) such as services, payment and usage details , number of lines or subscribed wireless plans. The CPNI is used by third party communication vendor companies for marketing purpose.
The company also informed that the attack did not exposed financial or other personal sensitive information. The exposed information included first names, wireless phone number and email address. The law enforcement agencies were also informed about the attack and vulnerability in the vendor’s system has been fixed.