AT&T has revealed that it paid $380,000 to hackers who obtained and leaked sensitive customer data in a massive breach that occurred in April. This cyberattack targeted “nearly all” of the telecom company’s customers, marking one of the worst security incidents in the sector’s history, according to Bloomberg.
The breach involved the illegal download of records of calls and texts made between May and October 2022 from a third-party cloud service, Snowflake, which AT&T utilizes. Upon discovering the issue in April, AT&T began working with cybersecurity experts to assess the damage and scope of the criminal activity. The ransom payment was reportedly made in Bitcoin.
The hackers accessed telephone numbers and cell site IDs, which can be used to pinpoint customer names and locations. However, more sensitive data, such as the content of text messages, Social Security numbers, and birth dates, were not leaked.
Following the payment, the hackers claimed to have erased the stolen data. Although their identities remain unidentified, sources informed 404 Media that John Binns, a U.S. citizen currently incarcerated in Turkey, might be linked to the cyberattack.
Comparable ransom demands to other companies have often been much higher than the amount paid by AT&T. “For a big company like AT&T, $380,000 is a drop in the ocean,” Jon DiMaggio, chief security strategist at Analyst1, commented to Bloomberg.
Key Figures:
– $380,000: Ransom paid by AT&T
– $1 million: Initial ransom demand by the hackers, according to Wired
– $30 billion: AT&T’s first quarter revenue in 2024
– 150: Number of companies that have had data stolen due to poorly secured accounts with Snowflake, as reported by Wired