On Friday it emerged that telecom giant AT&T had been a victim of a hack attack in May, when malicious coders got hold of a huge amount of detailed call and text messaging records. The attack impacted “nearly all” the company’s tens of millions of customers. Conscious of the amazing sensitivity of this data, AT&T apparently paid a member of the hacking team over $370,000 to delete the files and provide proof they did so in the form of a video, Wired reports .

Wired explains that the payment happened back in mid-May via an intermediary who was acting on behalf of one of the ShinyHunters international hacker collective. The ransom was originally set at $1 million, but AT&T successfully negotiated the total down to around $370,000 in an equivalent value of bitcoin–the cryptocurrency used by some bad actors for its relative untraceability. The intermediary, a person Wired says AT&T also paid for their role in the negotiation, verified that the AT&T data is believed deleted, but warned that snippets of the information could still be available online, which means AT&T’s nightmare is not 100 percent verifiably over.

The data stolen from AT&T’s archive included phone numbers called by subscribers, phone numbers texted by subscribers, how long calls lasted and the total number of calls and texts made–all for a period between May and October 2022. Though AT&T emphasized that the stolen data doesn’t contain any information on the content of the leaked calls or texts, TechCrunch reports, the archive nevertheless contains important data on user phone habits, and could, for some users, be personally or professionally sensitive.

Importantly the leak happened via AT&T’s use of a cloud data provider called Snowflake, whose servers have been targeted by hackers previously. Noted data security expert Brian Krebs points out in a blog post that the AT&T hack, among others, was possible because “malicious hackers figured out that many major companies have uploaded massive amounts of valuable and sensitive customer data to Snowflake servers.” He added that the hackers could gain access to this data because they were protected “with little more than a username and password.” Krebs also points out that the ongoing impact of the hack really does lie with AT&T–he is confused “why so many major corporations persist in the belief that it is somehow acceptable to store so much sensitive customer data with so few security protections.”