AT&T has confirmed that miscreants had access to nine million of its wireless customers' account details after one of its vendor's networks suffered a security failure in January.

The telecommunications giant told us that these users' customer proprietary network information accessed - but said the data said was "several years old," and "mostly relating to device upgrade eligibility."

According to AT&T, its systems were not compromised. In a statement to The Register today, an AT&T spokesperson said:

According to the notification letter sent to customers and shared with The Register, AT&T confirmed that the vendor has since addressed whatever security shortcoming led to the above. The missive also says AT&T "notified federal law enforcement about the unauthorized access."

The US carrier also recommended customers add "extra security" password protection to compromised accounts, which comes at no charge.

AT&T declined to identify the vendor. While The Register has absolutely no proof the two are related, we will note that email marketing firm Mailchimp was also breached in January and said intruders gained access to more than 100 customer accounts.

In a seemingly similar incident last summer, Hold Security said it had discovered stolen data for sale that included names, Social Security numbers, dates of birth, email and physical addresses, and phone numbers belonging to about 23 million Americans that, "likely belongs to AT&T customers."

While we're not even a full three months into 2023, the year is already off to a rocky start for telecommunications companies and their data security efforts.

Last month Canadian communications giant Telus told The Register that it is investigating whether crooks have stolen employee data and its source code, all of which is being offered for sale on a criminal forum.

And in January another carrier, T-Mobile US, admitted a data breach in which someone abused an API to download personal information belonging to 37 million subscribers. This was the network operator's sixth security snafu in five years. ®

https://www.theregister.com//2023/03/09/att_wireless_breach/