In a significant cybersecurity incident, U.S. telecommunications giant AT&T has reportedly paid a $370,000 ransom after a massive data breach.
The data breach, which occurred earlier this year, exposed the personal information of millions of AT&T customers. Hackers from ShinyHunters infiltrated the company’s network, gaining access to a wealth of sensitive data from the cloud data giant Snowflake.
The breach also includes data from customers of mobile virtual network operators using AT&T’s wireless network and landline customers who interacted with the exposed cellular numbers between 1 May and 31 October 2022.
In response to this breach, AT&T paid a member of ShinyHunters $370,000 to delete the data and provide a video demonstrating proof of deletion. The hacker had initially demanded $1m from AT&T but eventually accepted a third of the sum.
A company spokesperson told TechCrunch last week,
“We launched an investigation and engaged leading cybersecurity experts to understand the nature and scope of the criminal activity. We have taken steps to close off the illegal access point. The data does not contain the content of calls or texts, personal information such as social security numbers, dates of birth, or other personally identifiable information. While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number”.
AT&T’s decision to pay the ransom has sparked a debate about the ethics and effectiveness of such actions. Critics continue to argue that paying ransoms encourages further attacks by validating the business model of cybercriminals. However, companies often find themselves in a difficult position, weighing the immediate need to protect their customers and operations against the broader implications of their actions.
In response to the breach, AT&T has announced a series of measures aimed at strengthening its cybersecurity defenses. The company is investing in advanced security technologies, conducting comprehensive audits of its systems, and enhancing employee training programs to better detect and respond to potential threats.
An AT&T spokesperson pointed out that the customer data was stolen from the cloud data giant Snowflake, noting that various high-profile companies that use Snowflake’s services have been targeted in recent months by cyber attackers.
A case in point is global ticketing company Ticketmaster, which was dealt a severe blow last month after a group of hackers called ShinyHunters stole the personal details of some 560 million customers globally. The stolen data trove reportedly includes names, addresses, phone numbers, and partial credit card information.
The Ticketmaster breach was linked to attacks against its cloud provider Snowflake, which have also affected at least six companies so far, including the financial services giant Santander.
These breaches serve as a constant reminder of the pervasive and evolving threat of cyberattacks. Businesses across all sectors are increasingly becoming targets, and the financial and reputational damage from such incidents can be severe. This event highlights the critical importance of robust cybersecurity practices and the need for ongoing vigilance and investment in security infrastructure.