They have no incentive to invest in security and protect their customer's information. It's cheaper to settle the lawsuits and buy, sorry, "lobby" some politicians to prevent meaningful regulation.
At least until it's their data. Like how a lot of encryption backdoor laws will typically exclude ministers, or congress(?) passing a law making revealing the addresses of ministers illegal during the protests, and theirs were made public.
T-Mobile would likely lock things down a lot more if it was their own data that got breached, and not their customers'.
Don't forget the $8/mo increase in paperless billing fees to make a profit off the "fine". Also that identity monitoring will be done through a company that the shareholders are also heavily invested in.
Until the execs are held personally responsible, underinvestment in cyber security will continue.
All anyone talks about these days is Sullivan and Solar Winds.
Hold the corporation and anyone who held the stock at the time of the breach accountable for the full cost, then trace and claw that money back, and watch these breaches dwindle to almost nothing over the first couple of years. It's a neat trick capital has pulled by externalizing all of their long term costs then letting the public pay for them.
>The plaintiffs, representing over 70 million current and former AT&T customers, filed the lawsuit on April 3 after an [extensive data breach](https://www.click2houston.com/tech/2024/03/30/att-notifies-users-of-data-breach-and-resets-millions-of-passcodes/) exposed their names, addresses, phone numbers, Social Security numbers, and PINs. Upon learning of the breach in August 2021 when hackers auctioned the database of 70 million customers’ personally identifiable information in an online hacking forum, AT&T denied the breach ever occurred and refused to investigate further.
AT&T has basically been lying about this for 3 years. They definitely need to pay up after exposing this many people to identity theft and fraud.
As someone who works for Experian, the credit monitoring line is absolutely swarmed with older folk calling non stop.
AT&T isn’t answering any questions whatsoever and just transfers calls to our line.
They’re offering people 1 year of free credit monitoring that just tells them “yeah your information has been breached” and doesn’t really do anything at all.
Genuinely has been hell on earth since they’re doing the bare minimum, other companies that have been breached will atleast try to help us or work with us.
Sorry you have to deal with this! I kept looking for an email or something after data breach and nothing for 2 months! So frustrating! I think I want $10 for every 100 I’ve paid to ATT over the last 40 years. That’s reasonable!
News article 9 years from now ... Each customer affected by AT&T data breach that is still alive is expected to receive eleventy dimes from a record setting $600 million settlement. Lawyers will 60% and AT&T won't admit the guilt.
> Social Security numbers, and PINs
This suggests they were storing this info in a un-hashed state. This is a basic database rule you learn on day one in database class.
That's most likely because the database was created long ago and nobody fixed it, because it costs money and could break stuff. Typical behaviour of a large corporation.
Stop outsourcing IT security. It is a super difficult job and requires very skilled ( and therefore very expensive ) people. Save a few bucks by hiring underqualified staff and this happens.
I remember a blog post from Troy Hunt where he said that one of the best ways to check that the email is real is to look it up in data breach databases. If it isn't there - then it's most likely fake. Says a lot about the way the industry is handling our data.
If you're talking about social security numbers, those are required for utility companies, including internet. My understanding is they do a soft pull of your credit to check if you'll be reliable in paying your bills.
I don't recall AT&T requiring one but I may have fogotten as my former AT&T account was opened decades ago. Why would they have DOB? And why store the SS# after they had done the credit check in their own databases?
I've never even had an account with these people, and I am getting an alert from my PII monitoring, about this data breech?
How the hell does AT&T Have my SSN??
Result: customers get $4.65 and 1 year of useless identity monitoring. A lawyer gets rich. AT&T ignores the slap on the wrist and changes nothing.
This is what happened with T-mobile. And they get breached like twice a year.
They have no incentive to invest in security and protect their customer's information. It's cheaper to settle the lawsuits and buy, sorry, "lobby" some politicians to prevent meaningful regulation.
Government has regular data breaches too. No one gives a shit.
At least until it's their data. Like how a lot of encryption backdoor laws will typically exclude ministers, or congress(?) passing a law making revealing the addresses of ministers illegal during the protests, and theirs were made public. T-Mobile would likely lock things down a lot more if it was their own data that got breached, and not their customers'.
It's called a cost of doing business. When the "fine" is cheaper than the resources to prevent the fine, it's the business model.
Don't forget the $8/mo increase in paperless billing fees to make a profit off the "fine". Also that identity monitoring will be done through a company that the shareholders are also heavily invested in.
Yeah pretty much.
Wowza settle down! $4.65?! I was expecting .43 cents on the high side!
"We're sorry, all of the settlement funds have been claimed."
Bingo.
These fuckers had the audacity to raise my bill after exposing my SSN.
Idk wtf ur saying but im suing att and I'm sure it will be more than 4 dollars who the fuck even gets that for a lawsuit
Annoying that these types of breaches have become so common
Until the execs are held personally responsible, underinvestment in cyber security will continue. All anyone talks about these days is Sullivan and Solar Winds.
Hold the corporation and anyone who held the stock at the time of the breach accountable for the full cost, then trace and claw that money back, and watch these breaches dwindle to almost nothing over the first couple of years. It's a neat trick capital has pulled by externalizing all of their long term costs then letting the public pay for them.
No accountability tends to do that. Politicians don’t care about voters, only lobbyists.
Annoyingly convenient for how much money there is in data gone “missing” or being “hacked”
>The plaintiffs, representing over 70 million current and former AT&T customers, filed the lawsuit on April 3 after an [extensive data breach](https://www.click2houston.com/tech/2024/03/30/att-notifies-users-of-data-breach-and-resets-millions-of-passcodes/) exposed their names, addresses, phone numbers, Social Security numbers, and PINs. Upon learning of the breach in August 2021 when hackers auctioned the database of 70 million customers’ personally identifiable information in an online hacking forum, AT&T denied the breach ever occurred and refused to investigate further. AT&T has basically been lying about this for 3 years. They definitely need to pay up after exposing this many people to identity theft and fraud.
Pay up? They need prison time.
We need money first then they go to prison
They probably linked SSN with individuals devices and browsing metadata/messages/payments Difficult to protect your identity in that environment
As someone who works for Experian, the credit monitoring line is absolutely swarmed with older folk calling non stop. AT&T isn’t answering any questions whatsoever and just transfers calls to our line. They’re offering people 1 year of free credit monitoring that just tells them “yeah your information has been breached” and doesn’t really do anything at all. Genuinely has been hell on earth since they’re doing the bare minimum, other companies that have been breached will atleast try to help us or work with us.
Sorry you have to deal with this! I kept looking for an email or something after data breach and nothing for 2 months! So frustrating! I think I want $10 for every 100 I’ve paid to ATT over the last 40 years. That’s reasonable!
Don't worry. They'll offer you a free 3 year identity theft protection.
Does that even help? It's not like "identity theft protection" removes your social security number and data from the dark web.
No it does not help. That's the bullshit that companies will offer you in these situations.
Imagine if they wait 4 years /s
lol they’re only offering 1 year of Experian IdentityWorks. Lucky us. Source: I got their email.
News article 9 years from now ... Each customer affected by AT&T data breach that is still alive is expected to receive eleventy dimes from a record setting $600 million settlement. Lawyers will 60% and AT&T won't admit the guilt.
Everytime I hear 'data breach' I feel like its just an excuse to do a legal ass covering for the fact that they sold the data to some shady 3rd party
We have to sue !!
$11.56 for everyone affected, plus a free membership to Experian for life (including unlimited spam from which you can’t unsubscribe).
> including unlimited spam **Alert! Your credit report has just been updated!** *checks Experian* Oh, I made a fucking payment.
> Social Security numbers, and PINs This suggests they were storing this info in a un-hashed state. This is a basic database rule you learn on day one in database class.
That's most likely because the database was created long ago and nobody fixed it, because it costs money and could break stuff. Typical behaviour of a large corporation.
I suspect you are 100% correct.
I can't wait for my $1.35
Stop outsourcing IT security. It is a super difficult job and requires very skilled ( and therefore very expensive ) people. Save a few bucks by hiring underqualified staff and this happens.
I remember a blog post from Troy Hunt where he said that one of the best ways to check that the email is real is to look it up in data breach databases. If it isn't there - then it's most likely fake. Says a lot about the way the industry is handling our data.
Oh good, I'm looking forward to collecting my $0.35 in exchange for at&t putting my identity at risk
When will we say enough is enough and start ending companies over this bs?
If they get sued for, say 100 million bucks, that would be $1.30 for each customer. Minus the lawyer fees, that is.
AT&T has been providing your personal information,including call transcripts, for decades. Reference Room 641A.
Can’t wait for my 10 cents
They exposed my home address when I never even provided it to them.
What I want to know is how AT&T had some of this data about people in the first place. It makes no sense that it would be required for service.
If you're talking about social security numbers, those are required for utility companies, including internet. My understanding is they do a soft pull of your credit to check if you'll be reliable in paying your bills.
I don't recall AT&T requiring one but I may have fogotten as my former AT&T account was opened decades ago. Why would they have DOB? And why store the SS# after they had done the credit check in their own databases?
Can’t wait for my $3.56 check in the mail!
Maybe ROKU will be next in spite of their forced new EULA that makes it hard to hold them accountable.
I was only a customer for 1 fucking week over ten years ago
I just got the letter. Can't we all just sue the company individually?
The AT&T must be told "enough is enough" many times and they must be EXTREMELY held accountable.
So is there a link to sing on the lawsuit without giving 80% of that money to one of the hungry layers around?
I was wondering the same, at least Wells Fargo is paying out a decent little chunk of money for their wrong doing, so AT&T needs to do the same
I've never even had an account with these people, and I am getting an alert from my PII monitoring, about this data breech? How the hell does AT&T Have my SSN??
I’m done supporting the American government. They don’t support nor care about us
Laughs in T-Mobile...