AT&T paid $380,000 to hackers to delete sensitive customer data from a massive leak in April.
AT&T disclosed last week that hackers this year obtained and leaked data from “nearly all” of its customers as part of a larger cyberattack campaign. It was one of the worst security breaches of a U.S. telecom company to date, Bloomberg reported.
AT&T reported that records of calls and texts between May and October of 2022 were illegally downloaded by the “threat actors” from a third-party cloud service (Snowflake) the company uses. AT&T said it learned of the issue in April and has been working with cybersecurity experts to “understand the nature and scope of the criminal activity.” According to Bloomberg, the company made the ransom payment in Bitcoin.
The stolen data included telephone numbers and cell site IDs — information that could be used to locate customers’ names and locations. Other sensitive data, such as the content of texts, Social Security numbers and birth dates, were not leaked.
The hackers said they erased the data after the payment. While their identities are unknown, three sources told 404 Media that John Binns, a U.S. citizen who is incarcerated in Turkey, was connected to the cyberattack.
Past ransom payments to hackers made by other companies far exceed AT&T’s, Bloomberg reported.
“For a big company like AT&T, $380,000 is a drop in the ocean,” Jon DiMaggio, chief security strategist at Analyst1, told Bloomberg.
By the numbers
$380,000: Ransom payment by AT&T
$1 million: How much the hacker initially demanded from AT&T before being bargained down, according to Wired
$30 billion: AT&T’s first-quarter revenue in 2024
150: How many companies have had their data stolen from poorly secured accounts with the cloud software provider Snowflake, Wired reported