Given how lax AT&T is with this sad press release. They are fully expected to pay some fine, which they will pay after exhausting years of appeals. At that point, people will have forgotten. Impacted people get a check for $5 (if they are lucky). Business as usual.<p>Nobody goes to jail. Some offshore team is replaced with another bottom of the barrel contractor. Maybe a low ranking executive is given a slap on the wrists, internally. AT&T cuts some internal program to make up for loss (1 year moratorium on T&E for that team)
Apparently they encrypted customer passwords instead of one-way hashing [1].<p>"A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher."<p>"The leaked data includes AT&T customer names, home addresses, phone numbers, dates of birth and Social Security numbers."<p>[1] <a href="https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/" rel="nofollow">https://techcrunch.com/2024/03/30/att-reset-account-passcode...</a>
> AT&T has determined that AT&T data-specific fields were contained in a data set released on the dark web; source is still being assessed.<p>In the "about us" section<p>> We help more than 100 million U.S. families, friends and neighbors, plus nearly 2.5 million businesses, connect to greater possibility.<p>I like how they address themselves in the 3rd person. Did something bad? Use the passive voice and address yourself in the 3rd person.
The only thing more shocking than these regular leaks, is how many banks assume that if you produce SSN and DOB of Person X then you're X! And if you're not X then that's X's problem — His identity got stolen!
Their website is truly pathetic leaving the burden on individuals to need to protect this information. They should bleed red severely for this in punitive damages to those impacted.