A hacker who claimed to have stolen sensitive call and text records from U.S. telecommunications company AT&T said they were paid about $400,000 in ransom to delete the data.
An analysis of the Bitcoin wallet addresses provided by the hacker showed a transaction in mid-May that matched the ransom payment. A person familiar with the ransomware negotiations confirmed the payment from AT&T to the hacker, though it is not clear whether AT&T paid the hacker through a third party.
An AT&T spokesperson declined to comment on whether the company paid the ransom to curb the consequences of the hack. The FBI and the Department of Justice also declined to comment on the alleged payment. The attack reportedly may have exposed a large number of call and text records of almost all wireless users during six months of 2022. The scope and details of the data, including some location information, pose a national security risk.
Some experts pointed out that the alleged ransom amount seems very low compared to other recent high-profile ransomware incidents. The leak is also one of many related to the security incident at data analysis software provider Snowflake Inc., which is still dealing with the reputational damage caused by the incident.
Chainalysis examined the payment records provided by the hackers and compared them with information on the blockchain. The company said it appeared to be a ransom payment: someone deposited Bitcoin worth about $380,000 at the time into a digital wallet identified by the hackers, and a smaller amount of funds was subsequently transferred from that wallet to another wallet of a known hacker. It could not be determined whether the initial Bitcoin payment was made by AT&T. (Bloomberg)