AT&T Breached, Exposes 19,000 Identities
mytrip writes to tell us News.com is reporting that a recent attack on AT&T's systems saw thousands of customers' personal data compromised. About 19,000 customers of AT&T's online store who purchased equipment for a DSL connection were affected. From the article: "AT&T is offering to pay for credit monitoring services for customers whose accounts have been impacted because they could be at risk of identity fraud. The company also has made available a toll-free number to affected customers to call for more information."
They will pay for credit monitoring services, but will they pay for all the liability from a stolen ID? That can reach into the hundreds of thousands of dollars in real damage.
I choose to be an Anonymous Coward.
In other news:
"AT&T infects 19'000 of their customers with AIDS, after a 'breach' of their 'security' yesterday.
AT&T is offering to pay for free condoms for all affected customers."
Affected is preferred.
Effected suggests being brought into being. A database security breach that effects 19000 new customers would not only bring the wrath of the accountants at the Securities and Exchange Commission, but also suggests a militant AI broken loose in ATT!
In response to the A/C that suggested we're; you can remember that a comma suggests a contraction of we are.
God is an Iron; English was my most hated and worst subject. I leave a glass of Wry for my fellows, but I had to learn this grammar stuff in self-defence. Which I shall maintain in a Court of Law.
Oh, Strunk and White, "the Elements of Style" is a fast way to invigorate your writings. Well worth getting.
This is progress?
I'm not saying AT&T is "the best of us," but your proposed remedies are fucking childish. Do you also support capital punishment for late pizza delivery?
And now, a PSA from David Lynch.
Will the CTO of AT&T resign like AOL's did over the search history release, which was significantly less damaging than this?
I'm putting my money on No, personally.
-- Azaroth
These companies need to stop collecting this information in the first place. There is no need for AT&T to have this at all to do their business. Last I checked they aren't the Social Security department.
The news here isn't that some incompetent set up their systems, nor that they were cracked. The news is that they've responded openly and meaningfully, without trying to deny it or play down the scale of what happened. I wouldn't be hurrying to sign up to their service because of it, but it certainly doesn't bias me against them. Honesty and integrity are rare enough qualities in corporations that we should applaud them when they claw their way past the lawyers and PR weasels.
If you were blocking sigs, you wouldn't have to read this.
To you and the GP:
This was a break-in, not a "spill", which was detected by AT&T, on the weekend at which time they took very active measures (shutting down the site and contacting credit card companies). Sounds to me like they have some pretty good procedures in place already; you know, the kind of thing a CTO is responsible for.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
. . . AOL is off the hook.
If this were really happening, what would you think?
How can anyone steal someone else's identity? Oh, you mean they stole people's social security numbers. That should not be a problem, because as we all know, ss numbers are not meant to be used for identification.
The real problem is companies and the govt using SS# for identification. At this point, about 50 ppl know my SS# - the librarian, the assistant at my school, the clerk in the bank, etc, etc. - so any of these people can harm if they don't like me for some reason? This is stupid.
So what next? Some company decides they are going to use FIRSTNAME_LASTNAME as the id and we are all supposed to keep our names a secret? And run around complaining when our 'identity' (FIRSTNAME_LASTNAME) is stolen?
In many countries, you need a notarised signature to obtain loans, etc. While not foolproof, you can always prove it was not you and it takes more effort to commit fraud.
Corporations should not be allowed to store personal info longer than the duration of the transaction, or transmit it outside the scope of the transaction. AT&T should be prosecuted for liability, including lifetime exposure to ID fraud. AT&T security and policy managers and directors should hold personal liability, piercing the corporate liability veil.
Then we'd see American corporations rush to rewire their databases to protect customers, instead of protecting their advantages in charging and marketing to us, and the risk that their few bucks benefit will destroy our lives.
--
make install -not war
Couldn't HAVE fixed that, you fucking moron. First have a look at yourself before spouting your shit. Retard.
Hell, they probably could have just *asked* for the information and AT&T would have handed it over...
There's no place I can be, since I found Serenity.
Huh? The responsibility for that illegal operation should rest squarely on the shoulders of the current presidential administration. You can't reasonably expect any company in AT&T's position not to comply with something like that - no matter how evil the request is.
Ultimately, they're put between "a rock and a hard place" because they have no immediate legal recourse for a demand placed on them from the highest level of government. They're already govt. regulated as it is - and failure to comply with such an order could effectively put a freeze on their ability to do business at all.
I think their smartest business move was to just go along with things, but not to interfere when it gets challenged in court either. This is between the govt. and the people, with AT&T getting drug into the middle of things because they owned the technology that needed to be tapped into to make the spying plans work.
Lost: Sig, white with black letters. No collar. Reward if found!