A new report claims that neither AT&T nor Verizon have notified the majority of people impacted by the latest data breaches from China. These two telecom service providers seem to have suffered the most severe impact.
Months ago, the FBI raised the alarm about the campaign from China, which they attributed to the Salt Typhoon group. US security agencies have been dealing with the threat, which, according to official sources, is still ongoing. There is still compromised tech by the hackers allegedly financed by Beijing. The FBI has not been able to offer a date for the complete expulsion of the attackers. Meanwhile, US authorities recommend using encrypted telecommunications.
Chinese hackers could have obtained call and SMS metadata in Washington
According to the FBI, Salt Typhoon’s main target was valuable US intelligence data. To do so, they directed their attacks at the latest presidential candidates and their campaign staff. The FBI also notified Senate Majority Leader Chuck Schumer (D-N.Y.) about the targeting of his entire office’s telecommunications.
That said, it appears the hackers didn’t exactly get to the data they were looking for. However, they did manage to obtain another form of information that still holds significant value for enemy intelligence agencies. We’re talking about call and SMS metadata, which records key details like the phone numbers of call participants, the time and date of the call, and possibly the antenna locations connected to mobile devices.
Call and SMS metadata remains information of a very sensitive nature. An intelligence agency can use it to map a particular person’s travels and even find out who they talk to. “We kill people based on metadata,” said Gen. Michael Hayden, former CIA and National Security Agency director, at a forum in 2014.
“You should be upset, because carriers’ deficient practices resulting in the exposure of whether you called an oncologist or your church is enough of a violation, regardless of whether the actual content of those calls was also disclosed,” said Alan Butler, CEO of the Electronic Privacy Information Center.
Data breaches reportedly impacted more than a million, but AT&T and Verizon have not warned them
Industry sources told NBC News that Verizon and AT&T customers are among the more than a million affected by China-related data breaches. However, none of these carriers have sent notifications to the majority of those affected. The report indicates that “only a very small number of victims” have received a notification. There is no detail on the motive behind this or whether they plan to disclose the data breach publicly.
Hackers have reportedly managed to infiltrate up to eight US telecoms, but the full list of affected carriers and internet providers is not yet available.
