Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

Here's a statement of the obvious: The opinions expressed here are those of the participants, not those of the Mutual Fund Observer. We cannot vouch for the accuracy or appropriateness of any of it, though we do encourage civility and good humor.

    Support MFO

  • Donate through PayPal

Big T data leak


Have we become desensitized to data leaks that this is not at the top of the page at Bloomy -

https://www.bloomberg.com/news/articles/2024-03-30/at-t-t-says-data-from-73-million-accounts-leaked-on-dark-web

Behind paywall.

Comments

  • edited March 30
    BaluBalu said:


    Have we become desensitized to data leaks that this is not at the top of the page at Bloomy
    [snip]

    These massive data breaches occur all too often.
    We, as a society, have become desensitized to them.
  • edited March 30
    It's being suggested by many operators in the security field that it may be a good idea to place a "security freeze" on your information at all three major credit agencies. This can prevent fraud by disallowing anyone to open new credit cards or other credit accounts by using personal data which has been compromised.

    You can freeze your credit information, and "unfreeze" it as may be desired if you want to authorize a new credit account in the future. This can be done online, and there is no charge for these operations.

    Here are Links to the "freeze" URLs for each of the three credit agencies:

    Equifax

    Experian

    Transunion


    According to an advisory email which I received this morning from AT&T-
    The information varied by customer and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode.

    There's not much else left to steal.


    Add- I just went through the "freeze" signup for all three agencies- it was very straightforward without any difficult hoops to jump through.

    OJ
  • Thank you @Old_Joe for the links. I think I will do this tomorrow.

  • Don't forget ChexSystems and Innovis! Folks/media tend to only think about the 'Big Three'. :)
  • Just wondering, when or where or how I ever gave these 3 entities + two I never heard of (thanks @rforno) the right to comb through any of my files or data batches to produce their rating/scores. Yes I know that it's all required to open accounts blah, blah, blah but how, when, where? Wouldn't just one of them be enough? Hell even today I had to give Intuit nearly everything but my first born in order to use their tax software. What does my phone number have to do with filing my taxes? Just ranting and raving because I can.
  • edited March 30
    Mark said:

    Just wondering, when or where or how I ever gave these 3 entities + two I never heard of (thanks @rforno) the right to comb through any of my files or data batches to produce their rating/scores. Yes I know that it's all required to open accounts blah, blah, blah but how, when, where? Wouldn't just one of them be enough? Hell even today I had to give Intuit nearly everything but my first born in order to use their tax software. What does my phone number have to do with filing my taxes? Just ranting and raving because I can.

    You don't own your purchase history or banking records -- the respective companies do. They in turn can sell/offer it to whomever they want, and in some cases, 'the market' thinks it's good to contribute such information to the credit agencies to build more detailed profiles on everyone.

    But that said, they're nowhere foolproof. I downloaded a controversial 'credit' report from a large data broker company mentioned recently in a major MSM article and was laughing not only what they collected but how hideously wrong or incomplete it was ... which only reinforced my sense that as a hacker, how I manage my information 'trail' and data leakage over the past 30-ish years has been for the most part quite good. :)
  • Mark said:

    Just wondering, when or where or how I ever gave these 3 entities + two I never heard of (thanks @rforno) the right to comb through any of my files or data batches to produce their rating/scores. Yes I know that it's all required to open accounts blah, blah, blah but how, when, where? Wouldn't just one of them be enough? Hell even today I had to give Intuit nearly everything but my first born in order to use their tax software. What does my phone number have to do with filing my taxes? Just ranting and raving because I can.

    Completely, true, valid, justified! I echo those sentiments!
  • You don't own your purchase history or banking records -- the respective companies do. They in turn can sell/offer it to whomever they want, and in some cases, 'the market' thinks it's good to contribute such information to the credit agencies to build more detailed profiles on everyone.

    My ass. They do it because it's profitable to them.

    But that said, they're nowhere foolproof. I downloaded a controversial 'credit' report from a large data broker company mentioned recently in a major MSM article and was laughing not only what they collected but how hideously wrong or incomplete it was ... which only reinforced my sense that as a hacker, how I manage my information 'trail' and data leakage over the past 30-ish years has been for the most part quite good. :)

    I wish I had those hacker skills of yours kid. I laugh also when I review my credit bureau reports for the same reasons. Despite numerous attempts to correct their info through their designated channels the same old wrong stuff still exists.

  • I have had credit freezes on al our accounts since we were notified ( years ago) that our data had been hacked three times in one year.

    Blue Cross Blue Shield

    Yale New Haven Hospital (this year got hacked again for third time !)

    and People's Bank. They lost an UNENCRYPTED DATA TAPE in the back seat of a company car. It had not only all the usual but also balances, net worth etc (we had to fill that out to open account) etc.

    I have never had to undo the freeze, although one small card we use would not increase our credit limit unless we did, although we have been customers for three decades. Visa our major card was more than happy to double it when we asked.

    Supposedly you can undo it for a day if you have to apply for credit.

    Since then, we have had our information stolen at least two times a year. This year we have already hit three.

    The only thing the companies who get hacked ever offer is "Credit monitoring", but this will not work if your account is frozen. So to take advantage of their "recompense" you have to undo the best defense against a real hack there is.
  • sma3 said:



    Supposedly you can undo it for a day if you have to apply for credit.

    Since then, we have had our information stolen at least two times a year. This year we have already hit three.

    The only thing the companies who get hacked ever offer is "Credit monitoring", but this will not work if your account is frozen. So to take advantage of their "recompense" you have to undo the best defense against a real hack there is.

    Yup. Easy to do -- you just have to remember to ask the vendor/bank/dealer which bureau they use so you can unfreeze the right account, otherwise it won't go thru.
  • @rforno - since you're more educated about these matters what would you advise other AT&T customers who have not been contacted by the company regarding the data breach to do with respect toward their accounts? I ask because my son's family has cellular service through AT&T but to date he has not been contacted. He's going forward on the premise that since he hasn't been contacted everything must be okey-dokey. Do you agree or might there be more maggots which just haven't hatched yet? TIA
  • Mark said:

    @rforno - since you're more educated about these matters what would you advise other AT&T customers who have not been contacted by the company regarding the data breach to do with respect toward their accounts? I ask because my son's family has cellular service through AT&T but to date he has not been contacted. He's going forward on the premise that since he hasn't been contacted everything must be okey-dokey. Do you agree or might there be more maggots which just haven't hatched yet? TIA

    I agree, there's never only one cockroach. Or, to put it another way, when it comes to breaking news, the first reports are usually wrong or only tell part of the story.

    So my advice is simple: be vigilant. And if you feel so inclined to change your passwords/PINs there, by all means.

    I'm on ATT myself but didn't recieve a notification (yet). I'm just watching for the moment.

  • edited April 1
    @Mark- You know, the AT&T thing is just the latest and maybe not even the greatest. It was the tipping point for us, though in retrospect I think that we should have frozen our info at the credit agencies a long time ago.

    • There have been and will continue to be so many personal info breaches from so many directions that it's almost guaranteed that at some point some entity will attempt to take advantage of us. Typically that's done by someone opening a credit account, activating a new credit card, or charging some major purchase in our name.

    If that happens, consider the amount of time and stress that will be required to sort all of that out.

    • It takes only a few minutes to establish an "account" at each of the three major credit agencies, and then instruct them to "freeze" that account. This operation is mandated by the federal government, and there is no charge to you.

    • Any legitimate business wanting to extend credit to us will need to check with one or more of those credit agencies before doing so. The freeze will prevent them from doing that.

    • Any illegitimate entity will also be prevented from doing that.

    • If you are attempting to establish a new line of credit or a new credit card, you can easily "unfreeze" or "refreeze" these information accounts at any time via the internet, thus allowing a legitimate business to proceed with the transaction.

    So this allows you to create a "window" to your credit history and activity, which you can easily open or close at will. It surely seems to me to be cheap insurance to avoid some potential real hassles.

    Again, here are Links to the "freeze" URLs for each of the three major credit agencies:

    Equifax

    Experian

    Transunion


    OJ
  • T-Mo was a HORROR SHOW in terms of repeated data breaches over the years. Like they were an annual event sometimes. I finally dumped them and went to T last January and it's been a much better experience ... plus I'm getting better rates/coverage, too.
  • AT&T has said that "the data set appears to be from 2019 or earlier", so hopefully anyone joining AT&T after that timeframe has not been compromised. Yet. Today. Maybe.
  • Wouldn't it be nice if the default for these credit rating agencies was to lock the accounts, and only be opened, temporarily, at request? Seems like that would be a fraud deterrent.
  • MikeM said:

    Wouldn't it be nice if the default for these credit rating agencies was to lock the accounts, and only be opened, temporarily, at request? Seems like that would be a fraud deterrent.

    Sure but they couldn't then sell access to marketing companies to spam you with solicitations, and they couldn't sell you their own credit monitoring services. In fact, they will bend over backwards to get you to setup 'alerts' instead of doing a 'freeze' or 'lock' of your records, b/c they can't monetize you that way.
  • CNET says that 2019 breach became known only in 2021. Lot of the data in the current breach is from 2019/2021, but there are also some fresh data from 2024. That says a lot about transparency by AT&T.
    https://www.cnet.com/tech/mobile/data-from-73-million-at-t-accounts-stolen-what-you-can-do-to-protect-yourself/
  • edited April 1
    Old_Joe said:

    AT&T has said that "the data set appears to be from 2019 or earlier", so hopefully anyone joining AT&T after that timeframe has not been compromised. Yet. Today. Maybe.

    They had some 75 million ex customers' data breached. Why are not there rules about what ex-customer data can be retained and for how long? Why did they need to keep SS# of ex-customers when they no longer worry about those customers' credit profile? If every company keeps all customers data for ever, we are just sitting ducks for the hackers.

    I think our elected politicians are the rascals that allow all these shenanigans continue.

    Are the data breaches in EU and Japan as prevalent as in the US?

  • "I think our elected politicians are the rascals that allow all these shenanigans continue."

    "Rascals" and "shenanigans" is a MUCH too gentle terminology.
  • Old_Joe said:

    "I think our elected politicians are the rascals that allow all these shenanigans continue."
    "Rascals" and "shenanigans" is a MUCH too gentle terminology.

    And our tax dollars pay their salaries. How many are already millionaires, eh? How many of them own good-sized chunks of these doinkless companies via the stock market? They don't want to make anything difficult for the spammers, advertisers, vermin. In another direction, just look at the exceptions allowed to the Do Not Call Registry: it includes themselves. They're as worthless as farts in the breeze.

  • edited April 2
    Remember, the Equifax breach affected EVERY American, including legislators at all levels. If *that* wasn't enough to spur them into taking more dramatic action to protect people's data and punish violators, nothing will.

    I'm reminded how little was done after Sandy Hook, where legislators essentially declared by their inaction that killing innocent kids was okay and that assault weapons weren't an issue worth worrying about.

    If events like Equifax or Sandy Hook or Covid-19 or climate change or - or -or other things that impact large swaths (if not all) of the country's citizenry don't spur legislators into taking productive and meaningful action to address such concerns, nothing will.

    Yes, I'm a bleepin' cynic.
  • @rforno

    the legislature responds to

    1) money ( most comes from special interests, but only because the average American wont contribute)

    2) Votes

    I believe if the American public voted and demanded change it would happen, but most are too busy streaming garbage.

    you can, of course, believe this garbage streaming is presented for a purpose
  • Like many posters here, I've been a victim of data breaches by ATT. And Equifax. And United Healthcare. And T-Mobile. etc.

    Corporate entities should be prohibited by law from collecting Social Security numbers and DOB. Neither of these data records is necessary for business to delivery a good or service. Its convenient for them to collect it, but its not necessary. My SSN and DOB could not be hacked, if the company did not require me to provide it as a condition of doing business with them. The convenience of these companies should not trump my right to have my vital information secure.

    I do not pay FICA payroll taxes to these corporate entities. And they will never send me a Social Security benefit. nor have these companies ever sent me a birthday card.

    If these companies need to 'identify' me, they can do so by relying on the credit cards I have. -- the banks who issue these cards have already proven my identity to them, that is why they issued me a credit card.
Sign In or Register to comment.