Adrian Johnson
TLDR:
- AT&T’s board failed to protect the privacy of over 100 million customers, leading to a massive data breach by hackers.
- The board lacked awareness and focus on cybersecurity, with only minimal mentions in the proxy statement.
AT&T’s board, filled with former CEOs, should have demanded better security measures after hackers exfiltrated files of over 100 million customers’ data. The stolen records contained sensitive information like voice and text contact numbers, frequency, duration, and cell tower locations. This breach raised concerns among federal investigators, prompting the U.S. Department of Justice to intervene. The incident highlighted AT&T’s dismissive approach to cybersecurity, evident in the minimal mentions of cybersecurity in the proxy statement. Despite previous breach history, the board’s lack of attention to cyber risk poses significant challenges for CEO John Stankey. With regulatory fines, potential lawsuits, and reputational damage looming, the board’s focus on crisis navigation may overshadow its stewardship responsibilities, ultimately risking the privacy and security of millions of customers.
