AT&T Pays Hackers $380,000 to Erase Customer Data: Inside the Cybersecurity Crisis

AT&T paid $380,000 to hackers to delete sensitive customer data from a significant data leak in April.

AT&T disclosed last week that hackers obtained and leaked data from almost all of its customers as part of a larger cyberattack campaign. This incident is considered one of the worst security breaches of a U.S. telecom company to date, according to Bloomberg.

AT&T reported that records of calls and texts between May and October 2022 were illegally downloaded by the “threat actors” from a third-party cloud service, Snowflake, that the company uses. AT&T said it learned of the issue in April and has been working with cybersecurity experts to “understand the nature and scope of the criminal activity.” The company also made the ransom payment in Bitcoin, Bloomberg reported.

The stolen data included telephone numbers and cell site IDs, which could be used to locate customers’ names and locations. However, other sensitive data, such as the content of texts, Social Security numbers, and birth dates, were not leaked.

The hackers claimed they erased the data after receiving the payment. While their identities remain unknown, three sources told 404 Media that a U.S. citizen incarcerated in Turkey named John Binns was connected to the cyberattack.

According to Bloomberg, past ransom payments made by other companies to hackers have far exceeded AT&T’s payment.

“For a big company like AT&T, $380,000 is a drop in the ocean,” Jon DiMaggio, chief security strategist at Analyst1, told Bloomberg.

By the numbers:

$380,000: Ransom payment by AT&T

$1 million: The initial demand from the hacker, later bargained down by AT&T, according to Wired

$30 billion: AT&T’s first-quarter revenue in 2024

150: The number of companies that have had their data stolen from poorly secured accounts with the cloud software provider Snowflake, Wired reported
