This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss embargoes, research papers, terminology and epic Reel pulls.
JOSEPH: Today AT&T announced one of the most significant data breaches in recent history: the theft of call and text metadata for “nearly all” of its customers. Telecoms are constantly hacked; in March, AT&T addressed another data breach of customer data. But this latest one is wholly different because of the type of data: what phone numbers each customer called or texted, information that is ordinarily only available to law enforcement under legal process.
I want to tell you how this story and the breach announcement came about because I’ve never quite seen a disclosure to the media like this either. On Thursday, I received an email from AT&T’s communications department. A spokesperson told me they had information they would like to share with me under embargo after trading markets closed in the U.S.
An embargo is when a company, researcher, or other source enters an agreement with a journalist to share information, but it can only be published after a specific date and time. Although I don’t personally do many stories that use embargoes, this is a very standard part of some reporting. One example would be cybersecurity researchers may be presenting some of their new work at a conference like Black Hat or DEF CON, and they would like to tell journalists about it, but don’t want, or can’t have, the article be published before their talk actually takes place. Sources may put embargoes in place because they protect information that could be abused if released too early (such as before a vulnerability has been fixed), or simply for their own benefit: a bunch of outlets all coming out with a story at the same time can create a wave of coverage for the source.