AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent. AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed).
I just received my notice from AT&T's last hack informing me I was included and recommending I should signup for monitoring (at my cost). Then they sent me my bill late over the Memorial Day Holiday, moved up the due date, and had the due date on a Sunday, which their processing center is not open....Hmmm. I sent the payment the next day but, AT&T claims I was late and charges me a late fee. I called them up to discuss the late fee only to find out they cant discuss it with me because they rest my PIN# due to the last breach and could not confirm I'm the customer. I told the customer rep. you have caller ID right? You can see I'm calling you from the landline on the account right? Well after 20 min on hold, they conceded and reset my PIN# and were now able to discuss the issue...
AT&T as all corporate entities do, have said there is no financial or operational impact due to this breach. I would imagine so, simply because, there is never any meaningful accountability for corporations. Its just lather, rinse and repeat. They pay a cheese cake fine to the government , we the consumer get our information stolen again and again. We suffer the consequences and yet. Every security company, every credit bureau instantly knows there is money to be made, then want to sell us "Identity protection". Just a huge pyramid scheme from where I sit. I say they're all in on it and knowingly.
Example of corporate "don't give a hoot" attitude. Just yesterday, when scheduling an appointment with one of my financial institutions, I received a text message and e-mail response with the same informational content regarding that appointment. From their V-Calendar running on a fully, unsupported Microsoft 2010 Exchange server. Point in case here is this is 100% disregard for maintaining their software vice shutting down services during non-peak hours over a weekend and upgrade to a fully supported version of Exchange server. I have notified said institution of my findings and saved all the correspondence in the event they too are breached. My opinion is that its not IF they are breached its just WHEN.
Government will also say, "These companies are too big to fail", allowing them to do so will have an economic impact on the US. So be it!! Its time to do one of two things. Break them up and force competition, coupled with stiff laws regarding past and future security issues, to pay out customers. Or just simply put, allow customers to sue to the point where it closes their doors anyway. Make it THE EXAMPLE of what corporate "policy" and the bottom line thinking above all else ends with the result of forced consequences. It will only take one company being made that example, to make a shift in corporate neglect and ultimate greed. Its just one company after another. Corporate America is either complacent, or incompetent. Most likely both.
