Call, text logs for 110M AT&T customers stolen from compromised cloud storage AT&T has admitted that cyberattackers grabbed a load of its data for the second time this year, and if you think the first haul was big, you haven't seen anything: This latest one includes data on "nearly all" AT&T wireless customers - and those served by mobile virtual network operators (MVNOs) running on AT&T's network. The …
1. Ignore or deny everything
2. There was a thing that happened but don't worry, your data is safe
3. Your privacy is important to us and we apply industry best-practices
4. They may have gotten access to some things that are not important
5. They got deeper than we said they did earlier
6. They actually got stuff that relates directly to your privacy, we are so sorry (that we have to tell you this, not that it happened)
7. Also, did we tell you it was not our fault but some contractor who we are very happy to throw under the bus <<----- you are somewhere around here-ish
8. They got into the inner sanctum and they got to everything and anything, but fear not, here is two years of credit monitoring
9. That news article by that reporter explaining how our security was pretty much non-existent... don't believe them... because, it's embarrassing to us
10. We've hired outside security experts (for a day, after the fact)
11. The breach was so sophisticated, like nation state level stuff, it couldn't have been predicted or prevented but we have made changes to stop it happening again
12. We're not blaming our customers but really why were they storing their personal data on our systems anyway. Basically asking for it.
Since almost all calls are from subscribers with unlimited calling and texting plans, AT&T has no business reason to save much of this data. Even in those limited instances where it is used for billing, it need not be stored many months.
However, the government no doubt requires AT&T to keep it in order to support law enforcement and national security investigations.
Yep this is the inevitable result of government mandates to save call records. If they had required them to store SMS messages as well that would also have been stolen - and that would have been a much bigger deal since it would catch a lot of iPhone->Android messaging in the US (the "green bubbles") and no doubt there would be some things said that the parties would not want getting out.
Even as it is if this got out I imagine journalists and activists would be trawling it against lists of numbers they know for public figures in the political and celebrity sphere. Or if it was kept private and just shared with a few who paid for access to it - imagine you find out Taylor Swift had an abortion last year or Trump's wife is having an affair with Steve Bannon, how much would that be worth to the kind of muckrakers (or blackmailers) who would die to get their hands on something like that.
I've used AT&T for years now and have no worries at all because they send me an invoice every month and I send them a check. That add the cost to me for the price of a stamp but completely limits typical risks - I use checks for all regular bills so my credit cards are relatively safe.
That just means that 1) the cards issuing banks know exactly where, when, and what you've purchased. 2) the card brand also knows this information. The merchants only know about what you've purchased at their establishments. All three sell that information to whoever wants to buy it, for as much as they can get for it. Add your phone provider's data to the mix and if you're having an affair because you only buy condoms when you go to that other house.
I've not had a credit card for more than 10 years. All my bank knows is that I withdrew x dollars at y branch on day z. I haven't paid any interest payments in all that time.
So, you don't use a cheque book either?
Still, that aside, I think you should stop giving all your details to the bank like that... Get rid of the bank account, and store all your money under the bed (run it through laundering services, just in case)
Oh, and "El Reg" knows who you are... Better delete your account here too!
Not to cause you any worries, but they likely digitize the check in order to convert it to an electronic ACH transaction. An organization the size of AT&T probably has been doing something like that with checks since the MICR print along the bottom of the check was intended to be machine readable for well over 25 years. BTW that MICR print is the RTN and account number, all that is needed to submit an electronic ACH transaction. And they are probably storing it unless they are specifically prohibited from doing so, ah maybe even then.
Everything online because convenience. Nevermind security.
Sell all information because maximum profits. Nevermind privacy.
In an email (this week) I was informed...
"Ticketmaster recently discovered that an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider. Based on our investigation, we determined that the unauthorized activity occurred between April 2, 2024, and May 18, 2024. On May 23, 2024, we determined that some of your personal information may have been affected by the incident."
...
"The personal information that may have been obtained by the third party may have included your name, basic contact information, and payment card information such as encrypted credit or debit card numbers and expiration dates."
Glad it wasn't anything important and they rushed right out to tell me about it. As a stroke of luck I'd lost my CC and was issued a new one recently.
An article I read was reporting that no Social Security Numbers were divulged. The problem is that the telephone number has supplanted the SSN as an identification number. With number portability, people are keeping their phone numbers. While it's been taught that one shouldn't hand out their SSN to just anybody, the same isn't true for phone numbers. Besides that, there have been enough US government breaches that Big Data companies have SSN's already so between those AND a telephone number, they have everybody firmly nailed down.
While it's hopeless to think one can become a "blank", I have categories of things that I only pay for with cash and generally only locally as well. I don't participate in Rewards Cards, don't enter contests or sign up for surveys. All of those things can be very telling and the sorts of things that can be told about somebody given enough shopping purchases is scary. It used to be the spooks that were expert in that sort of thing, but now anybody can do it. Just tip out and scan the contents of somebody's rubbish bin(s) for a month and feed the information into an expert system to do the work for you. The more you can do that, the better confidence levels you will get on the surmises.
Correct me if I’m wrong, but the Hill article says specifically:
“We’re going to look at this really hard,” he told reporters Thursday. “We’re going to work with industry to see what we can see we can find out, but right now, we’re being told AT&T has no reason to think that this was a cybersecurity incident.”
Jumping to one conclusion or another isn’t helpful. Preparing for the outage is.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
