U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of “nearly all” of its customers. TechCrunch:
In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages – such as who contacted who by phone or text – during a six-month period between May 1, 2022 and October 31, 2022. AT&T said some of the stolen data includes more recent records from January 2, 2023 for a smaller but unspecified number of customers.
The stolen data also includes call records of customers with phone service from other cell carriers that rely on AT&T’s network, the company said. […] In all, the phone giant said it will notify around 110 million AT&T customers of the data breach, company spokesperson Andrea Huguely told TechCrunch.
Same.
They want to collect all this data (though in this case, the data makes sense to have on file), but also shuffle it around to all kinds of other companies for “reasons”.
With so many (unnecessary) links in the chain, there’s always a weak one that gets breached. Always.
And, like you said, it’s on the user to deal with the fallout.