AT&T Pays $373K Ransom After Massive Data Breach of Wireless Customers
Recently, the American telecommunications giant AT&T reported another significant data breach involving its customers. Malefactors gained access to information on nearly all AT&T wireless subscribers, as well as customers of mobile virtual network operators (MVNOs) utilizing the company’s network.
According to WIRED, AT&T paid one of the hackers for the deletion of the stolen data. The cybercriminal provided journalists with evidence of the transaction, which occurred on May 17. The payment amounted to approximately 5.72 bitcoins, equating to $373,646 at the time of the transaction. Initially, the hackers demanded a million dollars from AT&T but ultimately settled for a third of that amount. As proof of the data deletion, the hacker provided the company with a video.
AT&T became aware of the data breach in mid-April. John Erin Binns, the hacker allegedly responsible for the theft, contacted a security researcher known by the pseudonym Reddington. Binns revealed that he had accessed the call records and messages of millions of AT&T customers through the poorly secured Snowflake cloud storage system.
Meanwhile, the Snowflake incident, which we have covered extensively, affected approximately 165 companies, including Ticketmaster, Santander Bank, and Neiman Marcus. Depending on the organization’s size, the hackers demanded ransoms ranging from $300,000 to $5 million.
The information stolen from AT&T included metadata of calls and text messages but did not contain the names of phone owners or the content of conversations. Nevertheless, the hackers demonstrated how easily phone owners could be identified using reverse lookup software.
AT&T stated that the breach impacted “nearly all” of the company’s wireless customers, as well as subscribers of other carriers who communicated with AT&T customers between May 1 and October 31, 2022, and on January 2, 2023.
The company disclosed the data breach on July 14, despite having known about it since April. The delay was attributed to a deferral granted by the U.S. Department of Justice for national security reasons.
AT&T had repeatedly fallen victim to hacker attacks before. The last major breach, affecting 70 million customers, occurred in 2021; in 2024, the same data resurfaced on a hacker forum, this time available to cybercriminals for free. The company long denied the authenticity of this leak but eventually conceded and acknowledged the breach.