Close Menu
    Facebook LinkedIn YouTube Instagram X (Twitter)
    Blue Tech Wave Media
    Facebook LinkedIn YouTube Instagram X (Twitter)
    • Home
    • Leadership Alliance
    • Exclusives
    • Internet Governance
      • Regulation
      • Governance Bodies
      • Emerging Tech
    • IT Infrastructure
      • Networking
      • Cloud
      • Data Centres
    • Company Stories
      • Profiles
      • Startups
      • Tech Titans
      • Partner Content
    • Others
      • Fintech
        • Blockchain
        • Payments
        • Regulation
      • Tech Trends
        • AI
        • AR/VR
        • IoT
      • Video / Podcast
    Blue Tech Wave Media
    Home » AT&T paid $370,000 to delete stolen customer data
    AT&T-cyberattack-July-15
    AT&T-cyberattack-July-15
    IT Infrastructure

    AT&T paid $370,000 to delete stolen customer data

    By Vicky WuJuly 15, 2024No Comments3 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Email
    • AT&T faced criticism for reportedly paying a $370,000 ransom in Bitcoin to the ShinyHunters hacker group to delete stolen customer data, following negotiations mediated by an intermediary named Reddington, who also arranged similar deals for other victims.
    • Prior to AT&T, attacks on Ticketmaster and Santander Bank, linked to compromised Snowflake credentials, revealed a widespread cyber assault involving over 160 companies targeted by an automated script.

    OUR TAKE
    The AT&T ransom payment to ShinyHunters highlights the escalating cyber threats and the ambiguous legal territory for US companies. With potential legal ramifications and the proposed Ransomware Act, businesses face challenging decisions balancing data recovery and integrity against fuelling the ransomware economy. Robust cybersecurity and clear legal guidance are essential.
    –Vicky Wu, BTW reporter

    What happened

    AT&T has recently become embroiled in controversy over allegations that it paid a significant ransom to a hacker to destroy customer data illicitly seized during a series of cyberattacks this year. The hacker, part of the notorious ShinyHunters group, reportedly demonstrated data deletion to AT&T via a video after receiving a reduced ransom of approximately $370,000 in Bitcoin, negotiated down from the initial $1 million demand.

    The negotiations were mediated by an individual known as Reddington, acting on behalf of ShinyHunters. While Reddington assured that the primary data cache was eradicated post-payment, he conceded that some data fragments could remain undiscovered. Furthermore, he admitted to arranging comparable ransom deals for other companies victimised by ShinyHunters.

    Prior to AT&T’s breach disclosure, Ticketmaster and Santander Bank were also targeted, with the attacks linked to compromised Snowflake credentials. Following the Ticketmaster breach, it was discovered that hackers used an automated script to attack over 160 companies, indicative of a broad, systematic cyber assault.

    Also read: SoftBank of Japan acquires British AI chipmaker Graphcore

    Also read: GSMA promotes spread of smartphones in poor countries

    Why it’s important

    US-based companies, including AT&T, navigate a complex legal landscape when responding to ransom demands, despite no blanket prohibition on paying ransoms. However, severe warnings from the US Department of Treasury’s OFAC and FinCEN caution that payments to sanctioned cybercriminals could lead to prosecution, unless authorised by the government. Against this backdrop, the proposed Ransomware and Financial Stability Act of 2024 seeks to tighten regulations, aiming to prevent major corporations from paying ransoms over $100,000 without federal law enforcement approval, thereby reducing the financial incentive for ransomware attacks.

    Central to these events is the notorious hacking group ShinyHunters, which emerged in 2020 and rapidly became infamous for its audacious attacks and high-profile data breaches. The group’s tactics include breaching company databases, extracting data, and either demanding ransom or selling the information on dark web marketplaces like BreachForums. Recent incidents underscore ShinyHunters’ ongoing threat: they breached a third-party provider connected to Snowflake Inc., compromising clients such as TicketMaster Enterprise and Advance Auto Parts.

    These events highlight the group’s persistence and ability to cause widespread harm across various industries. The situation reflects the evolving challenges in cybersecurity and the urgent need for robust legislation and corporate strategies to combat ransomware effectively.

    AT&T cyberattacks ShinyHunters
    Vicky Wu

    Vicky is an intern reporter at Blue Tech Wave specialising in AI and Blockchain. She graduated from Dalian University of Foreign Languages. Send tips to v.wu@btw.media.

    Related Posts

    Tesla inks $16.5B chip deal with Samsung

    July 29, 2025

    Morocco to invest $8.9B in 5G expansion by 2030

    July 29, 2025

    Nokia drives Medusa cable linking Europe and Africa

    July 29, 2025
    Add A Comment
    Leave A Reply Cancel Reply

    CATEGORIES
    Archives
    • July 2025
    • June 2025
    • May 2025
    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • April 2024
    • March 2024
    • February 2024
    • January 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • July 2023

    Blue Tech Wave (BTW.Media) is a future-facing tech media brand delivering sharp insights, trendspotting, and bold storytelling across digital, social, and video. We translate complexity into clarity—so you’re always ahead of the curve.

    BTW
    • About BTW
    • Contact Us
    • Join Our Team
    TERMS
    • Privacy Policy
    • Cookie Policy
    • Terms of Use
    Facebook X (Twitter) Instagram YouTube LinkedIn

    Type above and press Enter to search. Press Esc to cancel.