AT&T Crack Part of a Phishing Operation

JohnGrahamCumming writes "According to a story in the San Francisco Chronicle the AT&T store crack was the prelude to a very sophisticated phishing operation. The phishers were aiming to use the information from the store to fool existing customers into divulging SSNs and other personal information." From the article: "'The information that was provided by customers who ordered DSL-related equipment included name, address, e-mail address, phone number, credit card number and credit card expiration,' the memo says, adding that the hacked data didn't include Social Security numbers or birth dates. But the hackers had a scheme to get this extra info. After accessing the customer data, they incorporated it into phishing messages that were promptly sent to AT&T's DSL customers ... Each message included a legitimate order number culled from the AT&T vendor's database to create an illusion of authenticity. Messages also included the recipient's home address and the last four digits of his or her credit card number. "

Privacy violations rampant

[mabu]

This is just one of many, many issues of privacy violations that have happened in the last year. And the feds seem mainly interested in letting states regulate and report on security breaches. So far only a few states have legislation to notify consumers of database compromises, which is a shame. The sad part is many people may have had their information stolen and they will never know until the information has been exploited, all the while the corporations have been aware of this for a long time and choose not to reveal the violations in fear of a negative PR.