I'd blame marketing too!
What doesn't marketing screw up?
But then, att is supposed to have oversight, so, there's that as well.
AT&T has confirmed that miscreants had access to nine million of its wireless customers' account details after a vendor's network was broken into in January. The telecommunications giant told us these records included so-called customer proprietary network information, the safeguarding of which is regulated — though the telco …
AT&T should have procedures as well as limits in place for volume access of personal information. Not that I mind them blaming Marketing (grin) but it's a systemic failure - these controls should have been in place from the start.
Not that it matters much - even in Europe those mass breaches are actually the cheapest when it comes to fines. A small cornershop will get hit with the full force and fines of the law, but if you expose the details of a very large volume of people (whose exposure is even worse from large outfits because they tend to hold more data per person) you effectively get a volume discount so you don't have to restrict executive bonuses at the end of the year - fines per person are then WAY down.
Regulators don't mind that limiting fines for the big boys perpetates the problem, after all, they need a nice job to go to later when they're done regulating..
... is one reason why third-party contractors are used. An extreme example would be, "A military contractor (*cough* Blackwater *cough*) employed a small number of individuals who failed to adhere to all applicable Geneva Convention, other international standards, and official guidelines in the performance of their duties. We strongly care about your privacy regret this incident, and have taken steps to prevent further occurrances."
I'm sure my data is out there somewheres, but I am actually thankful for the massive millions if not billions if not trillions of records that miscreants have to trawl through. My measly data is hopefully lost in obscurity. According to HIBP I also haven't been in any of their breaches [that have email addresses associated], which is nice.