It depends, was the Credit card statements laying out where anyone could see them, on the coffee table, that is the only way yoru analogy works.
They weren't public, there just wasn't any extra authentication / authorisation required to access the data. There's a difference between given permission to access files and being technically able to access files. Yes AT&T are on the hook for not securing their files properly, but that's a different issue. I'm pretty sure you could walk into HR at your employer and physically open a filing cabinet and start looking at the personnel records, but I wouldn't like to comment on the permanence of your employment afterwards. You don't, because you know you shouldn't.
What if I put up a website, thaylin.net, then you go to it, can I then claim you hacked my system and went to the page without authorization ?
If I go to thaylin.net and notice that your server is poorly configured and susceptible to directory traversal, have I hacked your system? If all we're doing is manipulating the URL, "../../../" is just part of the string. All of your files are open for me to access, I just noticed how to do it. Is your permission to access the files implied, just because I can?
A lie. You should have been able to tell - his lips moved.
A good politician doesn't lie on paper; He can't claim he was quoted out of context if he wrote it down himself.
System going down in 5 minutes.