AT&T paid $380,000 to hackers to delete sensitive customer data that was leaked in April.
Last week, AT&T revealed that hackers had accessed and leaked data from nearly all of its customers as part of a larger cyberattack. This breach ranks among the most severe security incidents for a U.S. telecom company, according to Bloomberg.
AT&T reported that the records of calls and texts from May to October 2022 were illegally downloaded by hackers from a third-party cloud service, Snowflake, which the company uses. AT&T became aware of the breach in April and has since been working with cybersecurity experts to investigate the scope of the criminal activity. The $380,000 ransom payment was made in Bitcoin, as noted by Bloomberg.
The leaked data included telephone numbers and cell site IDs, which could potentially be used to identify customers. However, sensitive information such as the content of texts, Social Security numbers, and birth dates was not compromised.
The hackers claimed to have erased the data following the ransom payment. Although their identities remain unknown, three sources indicated to 404 Media that John Binns, a U.S. citizen imprisoned in Turkey, was connected to the cyberattack.
Comparatively, past ransom payments to hackers made by other companies have often far exceeded AT&T’s payment, Bloomberg reported.
“For a big company like AT&T, $380,000 is a drop in the ocean,” Jon DiMaggio, chief security strategist at Analyst1, told Bloomberg.
Key Numbers:
– $380,000: Ransom payment by AT&T
– $1 million: Initial ransom demand from the hacker before negotiations, according to Wired
– $30 billion: AT&T’s first quarter revenue in 2024
– 150: Companies whose data has been stolen from poorly secured Snowflake accounts, according to Wired