AT&T pays hacker $370K in cryptocurrency to delete stolen customer data – ET CISO
https://etimg.etb2bimg.com/thumb/msid-111761158,imgsize-42266,width-1200,height=765,overlay-etciso/data-breaches/att-pays-hacker-370k-in-cryptocurrency-to-delete-stolen-customer-data.jpg
US telecommunications giant AT&T reportedly paid a hacker $370,000 to delete millions of stolen customer records, according to a report by Wired. The payment, made in cryptocurrency, was part of a negotiation to secure the deletion of sensitive customer data obtained through a major security breach.
The hacker, believed to be a member of the ShinyHunters hacking group, initially demanded $1 million but settled for the lower amount after negotiations. AT&T made the payment on May 17th in the form of 5.7 bitcoin, which was then worth over $370,000. The company requested video proof of the data’s deletion as part of the agreement.
The breach, which occurred between May 2022 and January 2023, exposed call and text message metadata for millions of AT&T customers. While AT&T claims the stolen information did not include message content or customer names, a security researcher found that reverse lookups could potentially identify individuals associated with the compromised phone numbers.
This incident is part of a larger hacking campaign that targeted over 150 companies through poorly secured cloud storage accounts hosted by Snowflake. Other affected companies include Ticketmaster, Advance Auto Parts, and Santander Bank.
The Federal Communications Commission (FCC) has launched an investigation into the breach. AT&T states it has taken steps to close the illegal access point and is cooperating with law enforcement to apprehend those responsible.
While the full dataset was reportedly deleted, security experts warn that AT&T customers may still be at risk if samples of the data remain in circulation. The company maintains that it does not believe the data is publicly available.