Trends
AT&T paid $370,000 to delete stolen customer data
AT&T faced criticism for reportedly paying a $370,000 ransom in Bitcoin to the ShinyHunters hacker group to delete stolen customer data, following negotiations mediated by an intermediary named Reddington, who also arranged similar deals for other victims.
Headline
AT&T faced criticism for reportedly paying a $370,000 ransom in Bitcoin to the ShinyHunters hacker group to delete stolen customer data, following negotiations mediated by an intermediary named Reddington, who also arranged similar deals for other victims.
Context
OUR TAKE The AT&T ransom payment to ShinyHunters highlights the escalating cyber threats and the ambiguous legal territory for US companies. With potential legal ramifications and the proposed Ransomware Act, businesses face challenging decisions balancing data recovery and integrity against fuelling the ransomware economy. Robust cybersecurity and clear legal guidance are essential. –Vicky Wu, BTW reporter AT&T has recently become embroiled in controversy over allegations that it paid a significant ransom to a hacker to destroy customer data illicitly seized during a series of cyberattacks this year. The hacker, part of the notorious ShinyHunters group, reportedly demonstrated data deletion to AT&T via a video after receiving a reduced ransom of approximately $370,000 in Bitcoin, negotiated down from the initial $1 million demand.
Evidence
Pending intelligence enrichment.
Analysis
The negotiations were mediated by an individual known as Reddington, acting on behalf of ShinyHunters. While Reddington assured that the primary data cache was eradicated post-payment, he conceded that some data fragments could remain undiscovered. Furthermore, he admitted to arranging comparable ransom deals for other companies victimised by ShinyHunters. Prior to AT&T’s breach disclosure, Ticketmaster and Santander Bank were also targeted, with the attacks linked to compromised Snowflake credentials. Following the Ticketmaster breach, it was discovered that hackers used an automated script to attack over 160 companies, indicative of a broad, systematic cyber assault. Also read: SoftBank of Japan acquires British AI chipmaker Graphcore Also read: GSMA promotes spread of smartphones in poor countries
Key Points
- AT&T faced criticism for reportedly paying a $370,000 ransom in Bitcoin to the ShinyHunters hacker group to delete stolen customer data, following negotiations mediated by an intermediary named Reddington, who also arranged similar deals for other victims.
- Prior to AT&T, attacks on Ticketmaster and Santander Bank, linked to compromised Snowflake credentials, revealed a widespread cyber assault involving over 160 companies targeted by an automated script.
Actions
Pending intelligence enrichment.
