AT&T, Verizon, and Lumen in Hot Seat After China Cyberattack

WASHINGTON, Oct. 13, 2024 – The bipartisan leadership of a major House committee is demanding answers from the top executives of AT&T, Verizon, and Lumen Technologies regarding two news reports that their networks were compromised by Chinese cyberattacks and caused a serious security breach.

House Energy and Commerce Letter to AT&T

We are concerned by the recent reports of a massive breach of AT&T, Verizon, and Lumen’s communications networks by Chinese hackers.1 These types of breaches are increasing in frequency and severity, and there is a growing concern regarding the cybersecurity vulnerabilities embedded in U.S. telecommunications networks. The Committee needs to understand better how this incident occurred and what steps your company is taking to prevent future service disruptions and secure your customers’ data

Available to Breakfast Club Members

"The attack appears to be geared towards intelligence collection, and Chinese hackers potentially accessed vulnerable information including court-authorized network wiretapping requests and internet traffic. This is extremely alarming for both economic and national security reasons," the lawmakers said in Oct. 10 letters to the executives that were released Friday.

Republican and Democrat leaders of the House Energy and Commerce Committee sent identical letters – which sought further information – to AT&T CEO John Stankey, Verizon CEO Hans Vestberg, and Lumen Technologies CEO Kate Johnson. The lawmakers requested a staff briefing by Oct. 18, 2024.

The Wall Street Journal reported Oct. 5 that hackers connected to the Chinese government potentially gained access to "information from systems the federal government uses for court-authorized network wiretapping requests," and that for at least many months, "the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data."

A day later, the Washington Post also reported its own account of the cyberattack described by the House lawmakers.

Citing unnamed officials, the Journal story described the cyberattack as "a potentially catastrophic security breach and was carried out by a sophisticated Chinese hacking group dubbed Salt Typhoon."

The letters to the CEOs were sent by Energy and Commerce Committee Chair Rep. Cathy McMorris Rodgers, R-Wash., and ranking member Rep. Frank Pallone, D-N.J., as well as Communications and Technology Subcommittee Chair Rep. Bob Latta, R-Ohio, and ranking member Rep. Doris Matsui, D-Calif.

The committee leaders asked all three CEOs to respond to eight questions about the cyberattacks. Following are a several included in the AT&T letter:

"When and how did AT&T become aware that its network had been breached?"

"What law enforcement entities, if any, did AT&T contact upon learning that the breach occurred?"

"What steps has AT&T taken to notify customers of the breach and what is AT&T doing to assist customers whose data has been compromised?"

"What legislative actions should Congress take to assist AT&T in protecting your networks and your customers’ data?"; and

"Are there any other issues or sensitivities the Committee should be aware of with respect to this incident?"

The lawmakers asked all three CEOs for responses by Oct. 18, 2024.