**Telecom Titans AT&T and Verizon Criticized for Neglecting to Inform Victims of Significant Chinese Hacking Operation**

Telecom titans AT&T and Verizon have not yet adequately managed the fallout for those affected by a persistent Chinese hacking operation that targets phone data, a recent [NBC report](https://www.nbcnews.com/tech/security/phone-hack-data-chinese-salt-typhoon-metadata-fbi-security-encrypt-rcna183233) indicates.

In a press conference held last week, the FBI disclosed that state-sponsored hackers from China continue to reside within U.S. networks, despite ongoing attempts to expel them. In recent months, the agency has concentrated on notifying “high-value intelligence targets” regarding the breach, including figures associated with Donald Trump and Kamala Harris. These targets mainly consist of persons or organizations of particular interest to the U.S. government.

Nonetheless, the [vast majority](https://arstechnica.com/tech-policy/2024/12/report-att-verizon-arent-notifying-most-victims-of-chinese-call-records-hack/) of the nearly one million individuals impacted seem to be ordinary Americans. Most of these victims remain uninformed about their exposure, and AT&T and Verizon have not yet explained whether they plan to inform their customers.

### **China-Supported “Salt Typhoon” Operation Reveals U.S. Telecom Weaknesses**

The spying operation, referred to as [Salt Typhoon](https://mashable.com/article/salt-typhoon-telcom-hack-explainer-us-china) by Microsoft’s threat analysis team, utilized [advanced persistent threat (APT) tactics](https://www.crowdstrike.com/en-us/cybersecurity-101/threat-intelligence/advanced-persistent-threat-apt/) to breach at least eight telecommunications firms. This ongoing operation aimed to uncover personal communications and keep tabs on political figures. Investigations have uncovered that hackers accessed not only sensitive political discussions but also the personal information of average Americans. Senator Mark R. Warner, chairman of the Senate Intelligence Committee, has characterized the breach as the [“most significant telecom hack in U.S. history by a wide margin.”](https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-china-hack-telecom/)

Beyond focusing on prominent individuals, the Salt Typhoon operation allegedly retrieved device metadata from non-intelligence targets, especially in the Washington, D.C., region. While metadata does not contain the actual communication content, it can be leveraged to trace movements and deduce personal relationships.

### **FCC Regulations and Telecom Providers’ Silence**

Federal Communications Commission (FCC) guidelines mandate that telecom firms inform consumers only if it is assessed that the breach could pose harm. This encompasses threats like monetary loss, identity theft, extortion, or the release of private data. However, the definition of harm—and the choice to notify consumers—largely lies with the companies themselves.

To date, the majority of impacted telecom service providers have kept quiet regarding the breach. T-Mobile stands out as the only major carrier that has openly acknowledged a compromise of its network. The company asserts that the hackers have been removed and that no customer information was accessed.

### **Transparency Issues Create Alarm**

The lack of openness from AT&T, Verizon, and other telecom entities has generated backlash, especially as the magnitude of the breach becomes more apparent. While the FBI strives to minimize damage and eliminate the hackers, countless Americans remain oblivious to the possible compromise of their data.

As the ramifications of Salt Typhoon continue to develop, uncertainties persist about how telecom companies and governmental agencies will tackle the vulnerabilities unveiled by this unparalleled cyber assault—and whether those affected will ever be fully apprised of the risks they encounter.