AT&T Notifying Customers About Massive Data Leak

[icanhazmac]

Why does a phone company need your social security number?

Billing. For collections and credit reporting.

The question is, if it was not AT&T that got hacked then it was a "partner" business they shared data with, or sold it to, why did they share social security numbers? I cannot think of a single reason to share that with an advertising partner.

 

[yeah]

Why does a phone company need your social security number?

Postpaid service usually requires a credit check, which is tied to your SSN.

 

[Unity451]

The problem is the data likely includes previous customers as well

Probably so. That's why I also have Identity Theft insurance.

 

[ifxf]

Glad I dropped AT&T a long time ago.

Att also leaked past customer data.

 

[Apple_Robert]

Wonder if this only relates to ATT's cellular division or if it also relates to things like DirecTV and DirecTVstream (which was known as ATT TV Now for a while?

It involves both.

 

[Unity451]

Whoever you have now is just a likely a target for a data hack down the road.

It's not only an att problem. All of them have leaked and will keep leaking. Going to another carrier will only give your data to yet another company to leak meanwhile, as this leak shows, the old company will continue to leak your data.

The concern is if AT&T ever had you data, it is probably part of this data breech. It doesn’t matter if you’re a current customer. Data associated with 65.4 million former customers were released in this data breach.

If you went with TMo, you’ve already dealt with this. If you’re with Verizon, I’m sure the time is coming.

Probably so. That's why I also have ID theft insurance. There's no way to get away from it anymore. I've been a victim before, and I'm sure it'll happen again. Unfortunately, it happens so often that it's just a cost of doing business for these companies. They don't get held accountable as they should, and the end-user is stuck dealing with the hassle of getting everything fixed.

 

[Apple_Robert]

The leaked data actually goes back to 2019.

 

[jmgregory1]

Billing. For collections and credit reporting.

The question is, if it was not AT&T that got hacked then it was a "partner" business they shared data with, or sold it to, why did they share social security numbers? I cannot think of a single reason to share that with an advertising partner.

It’s not likely an advertising “partner”, but rather a storage, financial or some other type of operations supplier that held the data, including Social Security numbers. Will be interesting to see how things play out. I’ve been on AT&T for 17 years and although they’ve had their issues, it hasn’t been as calamitous as this data breach appears to be.

 

[Unity451]

Att also leaked past customer data.

I can still be happy that I dropped them.

 

[t0rqx]

The only difference them being hacked and them selling your data anyways is they did not made $$$ out of it.

 

[dominiongamma]

Today I’m happy to be not with T-Mobile or ATT because they do not care about your information or security

 

[Unity451]

Today I’m happy to be not with T-Mobile or ATT because they do not care about your information or security

Be careful... I dropped a comment like that, and I had a bunch of replies from people:

"tHeY LEakeD oLd dAtA tOo"

Yeah... as I said, glad I'm not with them anymore. 😆

 

[Chuckeee]

Postpaid service usually requires a credit check, which is tied to your SSN.

Fair enough. But when they package and sell your data why do the need to include your social security number? Why do they even need to retain your social security number after conducting a credit check?

When credit agency reports your credit back to a business in response to a credit check, they typically include only a partial social security number (***-**-1234) in the actual report.

 

[MrkJensen]

They ask for sensitive information to protect themself. If they do not take care of the information they should be hold be hold 100% responsible for any damage as they would then be unqualified for such managing such informations. -That should goes for any company who request personal information.

 

[DogHouseDub]

from a company that doesn't offer 2FA.

 

[Darren.h]

this breach actually makes all the T mobile data breaches look small.

 

[arkhanjel]

Today I’m happy to be not with T-Mobile or ATT because they do not care about your information or security

None of the carriers do. If I'm not mistaking I'm pretty sure every major carrier has had a data breach similar to this including Verizon. I think the thing that bugs me the most is the bare minimum these companies do for the customers in response. I'm tired of seeing companies say oh we're gonna pay for your credit monitoring for "x" amount of time. With all the breaches I'm sure some of us have multiple companies do that simultaneously. Kinda lame.

 

[sw1tcher]

If you went with TMo, you’ve already dealt with this. If you’re with Verizon, I’m sure the time is coming.

Every major carrier in the U.S. has suffered from multiple instances of a data leak, including Verizon.

2024: data on 63,000 Verizon employees compromised

2023: data on estimated 7.5 million Verizon customers leaked

2017: data on 6 million Verizon customers exposed

2016: data of 1.5 million Verizon Enterprise Solutions customers gets leaked

 

[deevey]

Name, birthdate, social security number and addresses. Is all ID thieves need. AT&T passcode is such a minor concern in comparison. People will need to freeze their credit reports and closely monitor their credit

The issue is AT&T did not do anything until the data appear in the wild. That is deplorable.

Most people use the same passcodes (or close variant) for all their internet needs.

Scary

 

[justanthonylee]

The fact they keep denying the data is from them, contains info that a provider should not share to another like SIN, and yet also finally said they will reset and let users know after Troy Hunt had to be public about the fact they keep saying to him and other researchers the data was not related to them.

 

[ghanwani]

Another day, another data breach. Seems like every company, present or past, that I have done business with -- telecom providers, insurance companies, banks, 401k custodians, employers, credit bureaus, government agencies (like IRS) -- have all been hacked. It seems like they're not even trying to be secure anymore.

Identity theft is a question of when not if.

 

[ghanwani]

Why does a phone company need your social security number?

So that they can leak it.

 

[Art Mark]

Until companies are penalized for screwing up like this, they will do nothing. It should be a massive fine, and even loss of key licenses. Then they might actually take cyber security seriously. Until then, it's the consumers problem. None of these companies take any responsibility and the CEO's who mist likely don't know even the basics about internet technology, just ignore it and play golf and give money to politicians.

 

[GrayFlannel]

• In 2021 hackers said they stole data from ATT customers.
• At the time ATT said there was no breach of their systems.
• Now, ATT is informing customers of a data leak, apparently from 2019 and earlier, but still maintains there was no breach of their systems.
• They are continuing to investigate

Do I have it right?

 

[sppunk]

Everyone’s identity has been stolen multiple times from all sorts of companies and everyone should act like it’s being used.

Freeze your credit reports.