Att customer data breach! SSNs & Drivers License info stolen (UPDATE: only 1600 cust)

[eelw]

Why are people blaming AT&T for action of some rogue former employee that was in position to access this info? At a certain point in the company database, info will be available in the clear with proper security levels. It's impossible to prevent this security breach.

 

[Hal~9000]

Why are people blaming AT&T for action of some rogue former employee that was in position to access this info? At a certain point in the company database, info will be available in the clear with proper security levels. It's impossible to prevent this security breach.

Why are full SSN's available to employees at all? I mean I could understand the last 4-digits so a customer service rep can verify someone over the phone, but FULL social security #'s? That's just ****ing lazy security by AT&T...

If a person falls behind and gets sent to collections then AT&T should have the process fully automated and encrypted. There should not be a single point in the entire customer service (or collections) process that a human can get my full SSN

 

[erzhik]

Why are people blaming AT&T for action of some rogue former employee that was in position to access this info? At a certain point in the company database, info will be available in the clear with proper security levels. It's impossible to prevent this security breach.

Why is AT&T keeping all SSNs unencrypted? And why does AT&T allow employees access the SSN database?

 

[eelw]

Sorry, databases aren't screened like that fully across the chain. At some point in the line, full personal info including passwords is accessible. Unfornately this bad apple had high enough clearance.

 

[GoCubsGo]

Good advice. Seems like in the future people need to start checking their credit report daily just like they do their email or bank account. Right now I have the 1-year free due to the Target breach.



Sucky but very true

At least retailers didn't leak SSN's and Drivers Licenses like AT&T did ...'just' credit card info.

Well, to my knowledge he stole the information and didn't leak it, yet. Second, retailers can most certainly obtain that info if they offer store credit cards. You aren't 100% safe ever. Best you can do is monitor your own credit from time to time and pay attention to your bank accounts.

 

[palmerc2]

Great! So if you're a Chase bank and AT&T client (which I'm both) you could potentially have a lot of information out there. Both breaches within a week!

Technology is great and all, but with sensitive personal information stored and able to get hacked - this will just start happening more and more.

 

[Hal~9000]

Second, retailers can most certainly obtain that info if they offer store credit cards.

No. We aren't talking about retailers offering their own credit cards, I was saying that retailer breaches like Target, Home Depot, Michaels, etc were only breached for credit card information NOT high security stuff like SSN's.

If I use my citibank card at a Target and it gets a credit card breach, that is much less risky than if someone has access to my drivers license and social security #. I can simply dispute fraudulant charges with my bank, it's not as high level as straight up identity theft like AT&T allowed.

You aren't 100% safe ever. Best you can do is monitor your own credit from time to time and pay attention to your bank accounts.

Agreed, hard to be 100% safe, but no company should be allowed to leak SSN's this easy... EVER. Human eyes should only be able to view the last 4-digits. Everything else should be completely automated and encrypted.

 

[AdonisSMU]

No. We aren't talking about retailers offering their own credit cards, I was saying that retailer breaches like Target, Home Depot, Michaels, etc were only breached for credit card information NOT high security stuff like SSN's.

If I use my citibank card at a Target and it gets a credit card breach, that is much less risky than if someone has access to my drivers license and social security #. I can simply dispute fraudulant charges with my bank, it's not as high level as straight up identity theft like AT&T allowed.



Agreed, hard to be 100% safe, but no company should be allowed to leak SSN's this easy... EVER. Human eyes should only be able to view the last 4-digits. Everything else should be completely automated and encrypted.

AT&T failing like a whale.

 

[eelw]

.
Human eyes should only be able to view the last 4-digits. Everything else should be completely automated and encrypted.

All good until Skynet comes active :O

 

[jim.hickman.777]

Well my SSN is the same as my DL so it will be easy

 

[kilcher]

Ugh, this is getting old. And they get away with only offering (and how many people actually take them up on it) a free year of credit monitoring. AT&T can't even cough up a free GB or two of data per month for a year?

Why does it take AT&T OVER A MONTH to alert consumers their information may have been compromised? CYA first and delay as long as possible I guess.

Why do companies need to store your credit card information? I guess I can see if you have it saved on a website for easier checkout but if I use my credit card in a Target or Home Depot why do they need to store that card number indefinitely? It's like they're just hoarding data.

I think most class action lawsuits are bunk but at this point I wouldn't mind seeing a few aimed at companies that fail to secure our data.

I also wonder if we'll ever see a time when we'll have access to a free credit report more than once a year. At least twice a year seems like it's reasonable in today's world. A lot of damage can be done in a year.

 

[julius071]

Oh no, Aiden Pearce is a real life character.

 

[Hal~9000]

Why does it take AT&T OVER A MONTH to alert consumers their information may have been compromised?

Well, if they told us a month ago they might have a couple of mad customers whose contracts were up leave to upgrade with other carriers for the iPhone 6... and we just couldn't have that happen now could we AT&T?

 

[nox5]

Fake your own death and start over as illegal alien with new name and if legalized new ss#

 

[Hal~9000]

I hate it when they say "unspecified number of users"!

Password changed

Just wanted to let you know that they # of customers affected came out: 'only' 1,600 (http://bits.blogs.nytimes.com/2014/...p=true&_type=blogs&_php=true&_type=blogs&_r=2)

 

[mgmusicman94]

Password changed

A password change wouldn't really do much in this situation.

 

[arliu]

so do they know who got affected? changing our pw's dont do anything

 

[Newtons Apple]

A password change wouldn't really do much in this situation.

I agree but did it anyway.

----------

Just wanted to let you know that they # of customers affected came out: 'only' 1,600 (http://bits.blogs.nytimes.com/2014/...p=true&_type=blogs&_php=true&_type=blogs&_r=2)

Sorry but I have a lack of faith in AT&T telling the truth in a situation like this.

 

[noekozz]

Guys, not to bring back this thread from the dead. I happened to be one of the customers breached. I received a notice from AT&T about a week and a half, 2 weeks ago, making me aware of the breach.

Today I got home to find a Verizon wireless bill to my name. I immediately called up Verizon and had them freeze the account and it's currently under investigation.

If anyone received a notice from AT&T and were affected, keep your eyes peeled. I'm currently in the process of looking at all my personal accounts, as I've never had this happen to me.



On a side note, still waiting for my phone.