A large number of Americans’ metadata has been stolen in a massive cyberespionage campaign carried out by a Chinese hacking group called Salty Typhoon, a senior US official told reporters on Wednesday.
The official declined to provide specific numbers, but noted that China’s access to US telecommunications infrastructure is extensive and that hacking continues.
“We believe that a large number of Americans’ metadata has been taken,” said the official, who spoke to reporters on condition of anonymity. Asked if that could include the cellphone records of every American, the official said: “We don’t believe it’s every cellphone in the country, but we do believe it’s a potentially large number of people that the Chinese government has targeted.”
Dozens of companies around the world have been hit by the hackers, the official said, including “at least” eight telecommunications and telecommunications infrastructure firms in the United States.
US officials previously said the hackers targeted Verizon, AT&T, T-Mobile, Lumen and others. T-Mobile said none of its customer data was compromised, and Lumen said there was no evidence customer data was accessed on its network, but in at least some other cases hackers allegedly stole phone audio recordings along with a large tranche of call recording data.
Call recording metadata is sometimes described as the who, what, when, and where of phone calls. It does not include the content of the call, but may include who the call was made to, how long it lasted, and where it was made from. Even without the content, the metadata of call recordings—especially when captured in bulk—can reveal extremely detailed details about a person’s life, work, and intimate relationships.
The official said the White House has made dealing with the Salt Typhoon hackers a priority for the federal government and that Joe Biden has been briefed several times about the intrusions.
The call to the press came as US government agencies held a separate classified briefing for all senators on Salt Typhoon’s efforts to compromise US telecommunications companies.
Avril Haynes, director of national intelligence for the FBI; Jessica Rosenworcel, Chair of the Federal Communications Commission; National Security Council; and the Cybersecurity and Infrastructure Security Agency were among the participants in the closed-door briefing, officials told Reuters.