Around 9 million AT&T customers have been informed that their private information was exposed following a data breach in January, according to Fox News. The breach occurred when a third-party marketing vendor was hacked, and the affected data set was several years old, primarily related to device upgrade eligibility.
The telecommunications company has reported the breach to law enforcement, and the incident did not compromise AT&T’s systems. However, this breach has highlighted the vulnerabilities in the security programs of major telecommunication providers. The telecom industry’s rapid expansion requires new vendors, creating a security risk as it is challenging to vet new contractors’ security measures before signing contracts.
Telecom companies collect extensive customer data, including sensitive information that can be abused. The breach has also revealed that 74 million U.S. telecom customers had their data leaked on the dark web in 2023, primarily due to violations at third-party vendors. The implementation of regulations that require baseline cybersecurity measures for the telecom sector and its vendors could ensure that all companies prioritize their security.
In a news article published on Axios, the FCC is working on updating its data breach notification rules for telecom and wireless carriers. The breach at AT&T emphasizes the need for strong cybersecurity measures across the entire telecom industry to protect customer data.