Personal information of 7.6 million AT&T customers and of 65 million former AT&T customers have appeared on the dark web in the last two weeks. Stuff happens, even egregiously bad stuff. What makes this stuff especially egregiously bad, though, is AT&T‘s claim that the data appear[] to have come from 2019 or earlier.
That especially bad status flows from some questions:
Why wasn’t the data breach discovered those 5 or more years earlier; why did AT&T not know of the breach of its own systems until they saw the results of the breach just recently?