Telecom companies aren’t notifying most customers impacted by the intrusion of their systems by Chinese hackers.
Salt Typhoon, a hacker group believed to be associated with China’s Ministry of State Security, has reportedly been inside US networks for months and it still hasn’t been expelled.
A new NBC News report says that AT&T and Verizon, two companies that were hit the hardest by the hack, have only alerted customers whose call and text content was eavesdropped on. These customers constituted a relatively small number of victims, the vast majority of whom had their metadata stolen.
Salt Typhoon hackers accessed metadata for over a million people, most in the Washington, D.C., area. Metadata is the data collected about phone calls and messages, such as the numbers of the participants, timing, and location information.
Metadata doesn’t contain conversation content and doesn’t tie numbers to customers, but it can be valuable information for intelligence services who already know targets’ numbers. They can use the information to obtain someone’s travel routes and figure out how different people are connected.
The FBI is putting no pressure on AT&T and Verizon to notify customers whose metadata was accessed, and the two are unlikely to do so.
The providers and/or the carriers, whatever term we want to use, would really have the responsibility to notify their customers of the stolen records. That would not typically fall to CISA or the FBI.
FBI official. December 2024
The Salt Typhoon campaign is believed to have breached more than eight telecommunications companies and internet service providers in the US. It’s suspected that the aging US communications system made it easy for Chinese hackers to break into these companies.
Prominent US citizens, particularly politicians and government officials, are said to be the main target of the Salt Typhoon. The group reportedly accessed systems the government uses for lawful wiretapping requests. The campaigns of President-elect Donald Trump and Vice President-elect JD Vance are among those targeted.
