AT&T paid $380,000 to hackers to delete sensitive customer data from a massive leak in April.
AT&T disclosed last week that hackers obtained and leaked data from “nearly all” of its customers as part of a significant cyberattack campaign earlier this year. This incident is considered one of the most severe security breaches of a U.S. telecom company to date, according to Bloomberg.
Records of calls and texts between May and October 2022 were illegally downloaded from a third-party cloud service (Snowflake) that AT&T uses, the company reported. AT&T said it became aware of the breach in April and has since been collaborating with cybersecurity experts to understand the extent of the criminal activity. Bloomberg noted that the ransom payment was made in the form of Bitcoin.
The stolen data included telephone numbers and cell site IDs, which could be used to determine customers’ names and locations. However, other sensitive information, such as the content of texts, Social Security numbers, and birthdates, was not leaked.
The hackers claimed they erased the data after receiving the payment. Though their identities remain unknown, three sources told 404 Media that John Binns, a U.S. citizen imprisoned in Turkey, was linked to the cyberattack.
According to Bloomberg, past ransom payments to hackers by other companies have far exceeded AT&T’s payment.
“For a big company like AT&T, $380,000 is a drop in the ocean,” said Jon DiMaggio, chief security strategist at Analyst1, in an interview with Bloomberg.
Notable Figures:
$380,000: AT&T’s ransom payment
$1 million: Initial ransom demanded by the hacker before being negotiated down, according to Wired
$30 billion: AT&T’s first-quarter revenue in 2024
150: Number of companies that have had their data stolen from poorly secured accounts with the cloud software provider Snowflake, as reported by Wired