AT&T reportedly paid approximately $370,000 to a hacker to delete customer data stolen during a series of cyberattacks earlier this year, as detailed in a recent report by Wired.
According to Wired, AT&T engaged in negotiations through an intermediary named Reddington, representing a member of the ShinyHunters hacking group. Initially demanding $1 million, the hacker eventually settled for the negotiated amount, paid in bitcoin on May 17th.
Reddington, compensated by AT&T for his role in the negotiations, expressed confidence that the sole complete copy of the data was deleted following the ransom payment. However, there remains a possibility that fragments of the data could still be accessible. He also disclosed negotiating similar deals with other companies on behalf of the hackers.
Prior to AT&T’s public disclosure of the breach, reports indicated that Ticketmaster and Santander Bank were also affected, stemming from stolen login credentials of a Snowflake employee, a third-party cloud storage provider. Wired further noted that hackers utilized a script to exploit potential vulnerabilities across more than 160 companies simultaneously after the Ticketmaster incident.