AT&T, Verizon, Lumen executives hear from lawmakers about reported China hacks
A congressional committee on Friday called on the chief executives of three major telecom companies reportedly breached by Chinese hackers to provide more details, and brief lawmakers, about the intrusions.
In separate letters, the leaders of the House Energy and Commerce Committee demanded AT&T, Verizon and Lumen answer a series of questions about the hacks, which federal officials fear may have compromised wiretap systems used by U.S. law enforcement.
The digital break-ins, tied to a group tracked as Salt Typhoon, were first reported last week by The Wall Street Journal. The House panel has jurisdiction over telecommunications issues.
“These types of breaches are increasing in frequency and severity, and there is a growing concern regarding the cybersecurity vulnerabilities embedded in U.S. telecommunications networks,” lawmakers wrote, adding the panel “needs to understand better how this incident occurred and what steps your company is taking to prevent future service disruptions and secure your customers’ data.”
In their missives, lawmakers — who described the hacks as “extremely alarming for both economic and national security reasons” — asked the executives the same series of eight questions, including how and when the firms became aware of the breaches; what law enforcement agencies they contacted; what information was exposed or pilfered in the hacks.
The committee requested answers, and a briefing, by October 18.
“In an age where Americans rely heavily on your services for communication and connectivity, the integrity of your networks is paramount,” members wrote. “It is vital that cybersecurity protocols are enhanced to better protect American’s data against increasingly sophisticated attacks especially from our foreign adversaries.”
The House Select Committee on China also sent a letter to the companies and similarly requested a briefing.
Meanwhile, Ron Wyden (D-OR), a member of the Senate Intelligence Committee, sent a letter to the heads of the Justice Department and the Federal Communications Commission, asking them to jumpstart the rulemaking process for updating federal baseline cybersecurity standards, including stiff financial penalties for telecoms that don’t comply.
“The outdated regulatory framework and DOJ’s failed approach to combating cyberattacks by protecting negligent corporations must be addressed,” he wrote.
Martin Matishak
is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.