If you're pissed off about this AT&T data breach (and you should be), then you're probably asking why the hell AT&T would even keep this kind of data around to begin with. The answer is probably "because the US Government required them to" along with "because your Congressional representative and Senator sold you out." Details are limited so far, and I'm just speculating based on public reporting, but it's starting to smell like a breach of back end systems supporting law enforcement access.

We don't demand privacy just because we question the motives and trustworthiness of our law enforcement officers and government officials, but also because we can't trust that the panopticon systems they demand can be kept secure. A surveillance state makes us all vulnerable when it is inevitably breached. We're doing all the hard work for the spies and criminals that mean us harm.

And if you think AT&T or any service provider can operate a surveillance system that can securely authenticate not just their own people, but also any of the approximately 900k law enforcement agents from any of the approximately 18k law enforcement agencies scattered across the US, then I've got a bridge to sell you. Yes, AT&T and Snowflake deserve to get their asses handed to them for their likely abject failures (or more likely, delivering settlement checks of $0.37 to each of their customers along with a subscription to a useless identity protection service), but securing this kind of system is close to impossible.

Reporting from @zackwhittaker:
https://techcrunch.com/2024/07/12/att-phone-records-stolen-data-breach/

Stats from:
https://en.wikipedia.org/wiki/Law_enforcement_in_the_United_States

(UPDATE: Per @briankrebs, AT&T is apparently denying this was a breach of a law enforcement portal, but the scope of the denial is unclear to me. Maybe it's misleading spin, and they're only denying that the law enforcement-facing portal itself was breached, while leaving open the possibility that the adversaries bypassed the portal and went straight for a Snowflake-hosted backend supporting it. Or maybe the compromised Snowflake account was used for some other purpose entirely that had nothing to do with current or anticipated future government and law enforcement demands: https://infosec.exchange/@briankrebs/112774877396175475)