AT&T paid $380,000 to hackers to delete sensitive customer data from a massive leak in April.
AT&T revealed last week that hackers had accessed and leaked data from “nearly all” of its customers as part of a broader cyberattack campaign. This breach is considered one of the worst security incidents for a U.S. telecom company to date, as reported by Bloomberg.
The compromised records, detailing calls and texts between May and October 2022, were illegally downloaded from a third-party cloud service (Snowflake) used by AT&T. The company became aware of the breach in April and has been collaborating with cybersecurity experts to assess the extent of the damage. According to Bloomberg, the ransom payment was made in Bitcoin.
The leaked data included telephone numbers and cell site IDs, which could potentially be used to identify customers’ names and locations. However, more sensitive information, such as the content of texts, Social Security numbers, and birth dates, was not leaked.
The hackers reportedly erased the data after receiving the payment. While their identities remain unknown, three sources informed 404 Media that John Binns, a U.S. citizen currently incarcerated in Turkey, was linked to the cyberattack.
Past ransom payments to hackers by other companies have been significantly higher than what AT&T paid, according to Bloomberg.
“For a big company like AT&T, $380,000 is a drop in the ocean,” stated Jon DiMaggio, chief security strategist at Analyst1, in an interview with Bloomberg.
By the numbers:
– $380,000: Ransom payment by AT&T
– $1 million: Initial ransom demand from the hacker, as reported by Wired
– $30 billion: AT&T’s first-quarter revenue in 2024
– 150: Number of companies whose data was stolen from poorly secured accounts with the cloud software provider Snowflake, according to Wired