Hackers have broken into the database of AT&T's online store that sells DSL equipment in the US.
The attackers gained access to records, including credit card information, of up to 19,000 customers, the company said.
AT&T confirmed that the security breach took place last weekend. It added that it had noticed the hack "within hours" and immediately shut down the store.
Affected customers will be notified and offered a free credit monitoring service to protect them against identity theft.
"We recognise that there is an active market for illegally-obtained personal information. We are committed to protecting our customers' privacy and to weeding out and punishing the violators," said Priscilla Hill-Ardoin, chief privacy officer for AT&T.
"We deeply regret this incident and we intend to pay for credit monitoring services for customers whose accounts have been affected. We will work closely with law enforcement to bring these data thieves to account."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago