Did AT&T Pay $400,000 In Bitcoin To Data Hackers?

As a researcher with a background in cybersecurity and data privacy, I find the allegations against AT&T Inc. deeply concerning. The reported ransom payment of $400,000 to hackers who stole sensitive call and text logs from almost all of its wireless customers over six months is not only a significant breach of trust but also poses serious national security risks.


Recent disclosures indicate that AT&T Inc., the telecommunications behemoth, is under scrutiny for reportedly making payments to hackers who claimed to have breached their network and obtained confidential data in 2022. According to one of the hackers’ statements, the corporation purportedly transferred $400,000 as part of this alleged transaction, resembling a ransom payment.

The AT&T Ransomware Payment to Hackers

According to a Bloomberg article, the hacker allegedly obtained $400,000 in ransom money from AT&T by threatening to release a vast collection of stolen call and text logs covering nearly six months of activity by AT&T’s wireless customers.

The media’s attempts to elicit a response from the multinational telecommunications holding company concerning the hacker’s allegation of a ransom payment were unsuccessful. Likewise, the FBI and the Department of Justice declined to confirm if such a payment had been made by the company at that point in time.

As a ransomware analyst with expertise in this field, I can confirm that a source who requested anonymity due to the sensitive nature of the information disclosed that AT&T made a ransom payment to the hacker. Furthermore, an examination of the provided Bitcoin wallet address uncovered a transaction suspected to be an extortion payment, which occurred approximately in mid-May.

Chainalysis’ examination of the publicly available ledger found that an unknown entity transferred Bitcoin worth approximately $380,000 into the given wallet address, which the hacker allegedly provided as part of an extortion demand.

Following this event, a lesser sum was transferred from AT&T’s wallet to that of a notorious hacker, according to Chainalysis’ reports. Nevertheless, the firm couldn’t confirm or prove whether AT&T had instigated the transaction.

It is also not clear if the telecommunication company used an intermediary.

Historic Ransomware Payments

The hacker presented evidence in the form of a seven-minute video and some information as confirmation that they had deleted the stolen data from AT&T’s system, keeping their promise in the deal.

Some analysts argue that given the delicate nature and potential danger of the allegedly taken data, which involved national security concerns, the $400,000 ransom paid seems insufficient. They point out that in other instances of ransomware attacks against corporations, larger sums have been demanded and paid.

In 2021, Colonial Pipeline Company suffered a data breach with significant consequences. The cyberattack compelled the company to halt its pipeline operations and led to a payment of $4.4 million to the hackers involved. The event disrupted gas supplies along the East Coast of the United States.


2024-07-15 00:57