And, honestly, how is this info (which I WOULD want to know) meaningfully actionable to customers. We get our information stolen from a myriad of sources everyday. These companies do comparatively nothing to make things right and the burden falls on customers to pick up the pieces if you're in a tranch that is sold and used.
Of course it's not meaningfully actionable to customers, big time lag in not disclosing since Apr 19. (Why does this not fall under SOX violation with the obligation to report timely to affected parties? It has affected AT&T's stock price -3% in early trading, so should it have also required SEC disclosure?)
Wondering what is the significance that most of the stolen records were from the period 5/1-10/31/2022? Does it mean that AT&T enabled 2FA on more recent records, or that more recent records were on a different cloud bucket (or that they mostly stopped using Snowflake since)?
Because AT&T reported it to the FBI and DOJ, they in turn requested AT&T to not disclose it and there are exceptions in the SEC rules for exactly that scenario of actively working with law enforcement.
Regarding 2FA, it probably means they just enabled it in their access rules for any access to snowflake, but it's highly unlikely AT&T will walk away from Snowflake anytime soon because it had become their preferred BI/Data Analytics platform and they were actively migrating several hundred TBs of data out of Hadoop to Snowflake.
