AT&T paid $380,000 to hackers to delete sensitive customer data following a massive leak in April. In a major security breach, hackers obtained and leaked data from nearly all of AT&T’s customers, marking one of the worst breaches for a U.S. telecom company.
The company revealed that records of calls and texts from May to October 2022 were illegally downloaded from a third-party cloud service, Snowflake. AT&T learned of the issue in April and has since collaborated with cybersecurity experts to assess the criminal activity. The ransom payment was made in Bitcoin.
The leaked data included telephone numbers and cell site IDs, which could potentially reveal customer names and locations. However, more sensitive information such as the content of texts, Social Security numbers, and birthdates was not compromised. The hackers claimed they deleted the data after receiving the payment.
While the identities of the hackers remain unknown, sources indicated that John Binns, a U.S. citizen incarcerated in Turkey, was connected to the cyberattack. Previous ransom payments by other companies have far exceeded AT&T’s amount.
Jon DiMaggio, chief security strategist at Analyst1, noted that for a large company like AT&T, $380,000 is insignificant.
Numbers related to the incident include:
– $380,000: The ransom payment made by AT&T.
– $1 million: The initial ransom demand before negotiation.
– $30 billion: AT&T’s first-quarter revenue in 2024.
– 150: The number of companies that had data stolen from poorly secured accounts with Snowflake.