US telecom company AT&T acknowledged that hackers stole the call records of millions of its customers. The company paid over $300,000 to a member of the hacking team to delete the stolen data and provide proof of deletion. The payment was made in bitcoin and was laundered through various cryptocurrency exchanges and wallets. The hacker, part of the ShinyHunters group, stored the stolen data on a cloud server accessible to both him and another hacker known as John Erin Binns. The breach was initially discovered by a security researcher known as Reddington, who facilitated negotiations between the hackers and AT&T.

The stolen data included call and text metadata, but not the content of the communications or the names of the phone owners. AT&T believes that the entire dataset was deleted, but there is a risk that some samples of the data may still be in circulation. Binns, the alleged perpetrator of the breach, had previously been indicted for a hack against T-Mobile, and he was reportedly arrested in Turkey for an unrelated breach.

Signal | Change | 10y horizon | Driving force |
---|---|---|---|
AT&T pays hacker to delete stolen customer data | Cybersecurity | Improved cybersecurity measures, stricter regulations | Protecting customer data |
Hackers target poorly secured Snowflake accounts | Cybersecurity | Increased security measures for cloud storage accounts | Lack of multi-factor authentication |
AT&T customers’ call and text metadata stolen | Privacy and data breach | Enhanced privacy protections and data encryption | Monetization of stolen data |
AT&T learns about the data theft through a hacker | Incident response | Improved incident response and detection mechanisms | Collaboration between hackers and security researchers |
Delayed disclosure due to national security risk | Reporting compliance | Stricter regulations on reporting data breaches to authorities | National security concerns |
Alleged involvement of a known hacker in breach | Cybersecurity | Greater scrutiny and monitoring of known hackers | Identification and apprehension of hackers |