Why Corporations Fail to Protect Our Data ⇥ om.co

In March, a massive amount of AT&T customer data was leaked on a well-known marketplace. The data included extremely sensitive subscriber information, including Social Security Numbers that were apparently decrypted from how they were stored. AT&T initially denied its own systems were breached but, in a statement a couple of weeks later — apparently prompted by Zack Whittaker of TechCrunch — it acknowledged it or “one of its vendors” could be the source.

AT&T also said it was released on the “dark web” but, like, you can just Google the forum where they are available. It is a normal non-Tor website.

Anyway, Om Malik was a customer and expects some of his information is in this leak, and is not impressed with AT&T’s response:

These guys get in touch when you are late with your payment — but not when they can’t do their job. My initial reaction to the news was the all-too-familiar rage, and the all-too-often repeated four-letter words. AT&T wants you to sign up and get free monitoring from one of the three credit bureaus — which have been hacked at some point.

This is no different from what T-Mobile did when it was hacked. The problem with such actions is that it leads to nowhere — placing the entire responsibility on the citizen, who is left dealing with the mess created by large corporations through no fault of their own. […]

I think Malik is right. There is a sort of creeping pessimism that comes with a now-steady gush of data breaches because, it seems, so much has already been disclosed that the leak of another copy of your personal information only makes an already large pile a little bit bigger. But even though bad security practices should not go unpunished, a debilitating penalty for any corporation which fails to protect its records has little effect compared to the misery of each affected person for years.