Bah!
"If the wrong person or the person in the wrong frame of mind decides to use that access badly, what can you do?"
Seriously? "File criminal charges" would seem to be a good start.
Publically disseminating the perpetrator's name so he/she never works in the industry again might be appropriate. Let them sue. I'm sure the public will be supportive when the first press conference is given.
Sue in civil court to recover costs of all the measures that must now be paid for to guard those affected from future fraud.
I have more ideas, if anyone from AT&T needs them.
I'm an AT&T customer and I'm fed up with computer criminals making my life difficult.
Next up: Why can't Chase f*cking Bank learn to encrypt their data on me so when it gets stolen again (and again) it can't be properly associated into dangerous information?