The US House Energy and Commerce Committee has formally requested explanations from AT&T, Verizon, and Lumen Technologies regarding recent cyber breaches attributed to hackers associated with the Chinese government.
In a series of letters sent to these telecom companies, the Committee asked for a briefing and specific information concerning the breaches, which reportedly involved attempts to access US court-authorised wiretapping data.
“We are concerned by the recent reports of a massive breach of AT&T, Verizon, and Lumen’s communications networks by Chinese hackers”, the Committee wrote to the firms. “These types of breaches are increasing in frequency and severity, and there is a growing concern regarding the cybersecurity vulnerabilities embedded in US telecommunications networks.”
The Committee set a deadline of 18 October 2024 for these companies to provide the requested briefing. Lawmakers seek to understand the circumstances surrounding the breaches and what actions have been taken to improve the security of their communications networks.
The Committee members include Cathy McMorris Rodgers (Republican, Washington), Frank Pallone Jr. (Democrat, New Jersey), Bob Latta (Republican, Ohio), and Doris Matsui (Democrat, California). They emphasised the need to investigate how the breaches occurred and to assess the companies’ efforts to secure customer data and prevent similar incidents in the future.
According to the Wall Street Journal, hackers connected to the Chinese government, referred to as Salt Typhoon, targeted US broadband providers in a recent attack. The breach, reportedly aimed at intelligence gathering, may have exposed sensitive information, including court-authorised network wiretapping data and internet traffic. Sources familiar with the matter described the breach as significant, raising concerns about the implications for national security and the economy.
In their letter, the Committee members also highlighted the importance of safeguarding telecommunications networks used by Americans. They stressed the need for stronger cybersecurity measures to protect against future incidents, particularly those originating from foreign entities.
The Committee’s request for information includes details about when the telecom companies became aware of the breaches, the law enforcement agencies that were notified, and the steps taken to inform customers whose data may have been compromised. Additionally, the Committee asked for an overview of the investigations carried out by the companies to identify network vulnerabilities, as well as the corrective actions implemented in response to the breaches.
The letters further requested details regarding what information the hackers may have accessed and asked the companies to provide recommendations on potential legislative actions that could support efforts to protect telecommunications networks and customer data. The Committee also inquired about any other factors or concerns that should be considered in relation to the incident.
This inquiry follows an earlier investigation by the same Committee in April, when members sought information from UnitedHealth Group about a cyberattack on Change Healthcare. That breach led to extended system disruptions across the US healthcare system.
Recently, Fidelity Investments has officially confirmed a significant data breach to US authorities. According to its filing with the Office of the Maine Attorney General, the US-based asset management firm reported that the breach, which took place in August, compromised the personal information of over 77,000 customers.
Read more: Arkansas City becomes latest victim in cyberattacks on US water facilities