AT&T Says 110M Customers’ Data Leaked — Yep, it’s Snowflake Again
2024-7-12 21:19:8 Author: securityboulevard.com

NYSE:T loses yet more customer data—this time, from almost all of them.

Almost all AT&T customers in 2022 had their phone metadata stolen, plus some from Liberty and MVNOs. Ma Bell knew about the hack for months, but somehow didn’t get around to telling us until today.

Galen Erso wouldn’t have let this happen. In today’s SB Blogwatch, it’s like bullseyeing womp rats.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Crazy wisdom.

Should’ve Used MFA

What’s the craic, Zach? Mr. Whittaker reports: AT&T says criminals stole phone records of ‘nearly all’ customers in new data breach

Snowflake’s customers
U.S. phone giant AT&T confirmed Friday it will begin notifying … around 110 million … consumers about a fresh data breach. … AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages — such as who contacted who by phone or text — during a six-month period [in] 2022.

[It] includes call records of customers with phone service from other cell carriers that rely on AT&T’s network. … Some of the stolen records include cell site identification numbers, [which] can be used to determine the approximate location of where a call was made or text message sent.

[The] customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake’s customers. … AT&T is the latest company in recent weeks to confirm it had data stolen from Snowflake, following Ticketmaster and LendingTree subsidiary QuoteWizard, and others. Snowflake blamed the data thefts on its customers.

I’m feeling some déjà vu—how about you? Meera Navlakha reminds us: If you thought the first breach was bad …

Back in March, the telecoms giant had another, unrelated, leak on its hands: one that unfortunately included Social Security numbers and encrypted passcodes. It wasn’t the first. In 2021, too, AT&T experienced another data leak which it has been accused of never acknowledging.

Horse’s mouth? Dial $T’s PR A-team ASAP: What we’ve learned, how we’re responding

We’ll contact you
We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended. … We hold ourselves to a high standard and commit to delivering the experience that you deserve.

If your account was affected by the event, we’ll contact you by text, email, or U.S. mail. … Remain cautious of any phone call or text request asking you for personal, account, or credit card details.

110 million: Is that a big number? Christopher Palmeri and Charles Gorrivan put it in context:

[It’s] one of the biggest breaches of private communications data in recent memory. … It has the potential — if the data is released — to be devastating for some customers. That includes anyone who doesn’t want others knowing who they are calling, such as politicians, executives, activists, journalists and their sources.

Good point. And rtkane illustrates it neatly:

Here come the, “Pay me $750 in bitcoin or I’ll tell your wife about the texts between you and your girlfriend,” scams.

Blame the C-suite? TuballoyThunder has this “unpopular opinion:”

There is only so much mental bandwidth that the leadership can provide. … I think the recent spate of serious failings by companies is due to attention being spent on tax avoidance planning, contributing to political campaigns, and virtue signaling.

What we are seeing is fundamentally broken corporate culture. Putting out a solid product has effectively been deprioritized [over] competing goals.

How long has the death star known about it? Mike Wuerthele asked the question:

The company says that it learned about the breach on April 19. In a statement, … AT&T says that it was cooperating with law enforcement in the ongoing investigation, and waited to disclose to avoid “undermining their work.”

How’s your tinfoil hat? lumb63’s is fully operational:

This is another consequence of the surveillance state. The same data that can be used to surveil us by the government can be stolen by who-knows-who. We’d all (mostly) be far better off, IMO, if companies didn’t retain such records.

Surveillance state? Baron_Yam snarks it up:

There’s already a backdoor so massive in AT&T that it should probably be called NS&A.

Meanwhile, what can Crowbot conclude from the PR blurb?

So we need to be alert for phishing and other scams: Just another Friday.

And Finally:

Ouch ouch ouch ouch.

Hat tip: cowcat

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Source: https://securityboulevard.com/2024/07/att-snowflake-breach-richixbw/