Hackers finding vulnerabilities in telecommunication companies has become increasingly common, with sensitive information being compromised in many cases. A major breach that has been going on for quite some time is by a Chinese hacking group, Salt Typhoon, entrenched in the U.S. telecommunication system. It is considered one of the most severe breach cases, but despite the gravity of the situation, it is reported that many of the affected companies have failed to inform the consumer of the intrusion. AT&T and Verizon have both been in hot waters recently for being the most intensely impacted companies yet going with a limited approach to customer notifications.
AT&T and Verizon face criticism for their selective approach to notifying consumers about breaches despite their potential misuse
A recent report by NBC News is making the rounds and has stirred quite a discussion regarding the lack of transparency and corporate responsibility when it comes to informing consumers of a breach and advising them about the potential risk involved. Two of the companies reportedly most affected by the hacking are AT&T and Verizon, which have been facing immense backlash for their selective approach to notifying customers about the breach.
It is said both companies only limited the notification to customers who had their calls and texts directly intercepted. Given the sensitivity of the information, withholding it from a million customers did not sit well as questions are being raised not only about data protection but also the transparency of these Telecom companies as the tech community pushes for a more comprehensive alerting system and accountability.
The Salt Typhoon hacking group is said to have accessed the metadata of more than a million consumers. The sensitive data included messages, phone calls, phone numbers, and primarily involved customers based in Washington, DC. While companies are actively working on mitigating the impact of the breach, the fact that quite a few individuals are unaware of the compromised data is alarming.
Privacy advocates also raise concerns regarding the FBI and other regulations not pushing AT&T and Verizon to notify customers about the hacking incident and the compromised data. FBI officials reportedly said:
The providers and/or the carriers, whatever term we want to use, would really have the responsibility to notify their customers of the stolen records. That would not typically fall to CISA or the FBI.
Salt Typhoon's hacking campaign compromised the systems of about eight telecommunication service companies and internet service providers in the U.S. and exploited vulnerabilities caused by outdated infrastructure.
