AT&T and Verizon are facing heavy criticism for their handling of recent data breaches, with reports suggesting they failed to notify millions of customers whose information was compromised by the Salt Typhoon hacking group. This lack of transparency has sparked outrage and raised serious questions about corporate responsibility.
The Salt Typhoon group, believed to be of Chinese origin, has been actively exploiting vulnerabilities in U.S. telecommunication systems, potentially gaining access to highly sensitive customer information.
Selective Notifications
A recent report by NBC News highlights that AT&T and Verizon have only notified customers whose calls and texts were directly intercepted. This selective approach means that a vast number of potentially affected customers, whose metadata (including messages, phone calls, and phone numbers) was also compromised, have been left in the dark. This has led to concerns about both data protection and the lack of transparency from these companies.
FBI Stance
Privacy advocates are also questioning why the FBI and other regulatory bodies are not compelling AT&T and Verizon to notify all affected customers. FBI officials have reportedly stated that the responsibility to notify customers lies with the service providers, not with the FBI or CISA.
"The providers and/or the carriers, whatever term we want to use, would really have the responsibility to notify their customers of the stolen records. That would not typically fall to CISA or the FBI."
The Salt Typhoon hacking campaign reportedly impacted the systems of approximately eight telecommunication service companies and internet service providers in the U.S., exploiting vulnerabilities due to outdated infrastructure.
