Hackers say AT&T paid about $400,000 to delete sensitive data, and a bitcoin transaction is suspected to be linked to the ransom payment
On July 15, a hacker who claimed to have stolen sensitive call and text message records from US telecommunications company AT&T said they were paid around $400,000 to erase the databases. An analysis of the bitcoin wallet address provided by the hacker revealed that a transaction in mid-May was consistent with a ransomware payment. A person familiar with the ransomware negotiations confirmed that AT&T paid the hackers, but it is unclear whether AT&T paid the hackers through a third party.
An AT&T spokesperson declined to comment on whether the company paid the ransom to curb the fallout from the hack. Chainalysis Inc. examined the payment records provided by the hackers and compared them to the information on the blockchain. The company said it appeared to be a blackmail payment in which someone deposited bitcoin worth about $380,000 at the time into a digital wallet identified by the hackers, and a smaller amount of money was subsequently transferred from that wallet to another known hacker's wallet. It was not possible to determine whether the initial bitcoin payment was made by AT&T.