New details have emerged regarding the massive AT&T hack that compromised the personal data of approximately 110 million customers. Reports have surfaced indicating that the company paid a ransom, in Bitcoin to the hacker to secure the removal of the compromised data, which contained details, like customer phone numbers and contact records.
According to sources, the AT&T hack was carried out by a member of the notorious ShinyHunters hacking group, who gained access to the data through unsecured Snowflake cloud storage accounts. The hacker requested $1 million, in Bitcoin at first. At&t ended up paying, around $373,000 to ensure the data was deleted.
FBI Involvement in the AT&T Hack
In an unusual move, AT&T contacted the FBI before reporting the AT&T hack to the Securities & Exchange Commission (SEC). The FBI asked the carrier to hold off on announcing the breach allowing them more time before following the four day SEC reporting rule. This event is reportedly the time the Justice Department has requested a company to postpone an SEC disclosure, for reasons related to security or public safety.
The FBI’s involvement in the AT&T hack allowed them to review the stolen data for potential risks and even led to at least one arrest based on the information provided by AT&T. The postponement of making information public may raise concerns regarding openness highlighting the challenges involved in managing data breaches and their potential impact, on security.