AT&T has paid the hacker gang ShinyHunters only $370,000 (over 331,000 euros) for the removal of almost all customer data captured in a breach. This is far less than the $1 million demanded by the hackers.
AT&T negotiated with members of the ShinyHunters hacker gang, known for the recent Snowflake hacks, to have the stolen data removed.
According to Wired, the telecom company reportedly ended up far below the $1 million demanded. In the end, AT&T paid only $370,000. The amount was reportedly paid on May 17 of this year in the form of 5.8 Bitcoin to a Bitcoin wallet controlled by the hackers.
AT&T has not commented on these reports.
Hack at AT&T
AT&T announced a few days ago that hackers managed to steal the data of almost all mobile customers through a breach. The data covers the period between May 1, 2022 and October 31, 2022, as well as January 2, 2023.
In particular, this involved data such as calls and text messages exchanged with landline (AT&T) phone numbers. In part, the mobile locations of these calls were also included, as were the number of calls made and their duration. The content of the calls and text messages was not captured.
Paying ransom in the US not uncommon
It is obviously remarkable that AT&T gave in to the hackers' extortion. Authorities often specifically urge victims not to pay and to cooperate in investigations to track down and prosecute the hackers.
Yet in the United States, it is relatively common for companies to be willing to accede to the demands of hackers in cyberattacks involving the capture of sensitive data. Ransom payments, however, may only be made after approval from U.S. authorities. Companies that pay without it can expect sanctions.
This year, the U.S. government plans to pass a law, the Ransomware and Financial Stability Act 2024, which prohibits large companies from paying ransoms of more than $100,000 in cyberattacks. This should counteract the “incentive” to carry out a ransomware attack, since there is no more than $100,000 to collect. It should also provide more regulatory oversight for these types of ransomware transactions.