Many Americans’ cellphone data being hacked by China, official says

A large number of Americans’ metadata has been stolen in the sweeping cyber-espionage campaign carried out by a Chinese hacking group dubbed “Salt Typhoon”, a senior US official told journalists on Wednesday.

The official declined to provide specific figures but noted that China’s access to America’s telecommunications infrastructure was broad and that the hacking was ongoing.

“We believe a large number of Americans’ metadata was taken,” said the official, who spoke to reporters on condition that their name be withheld. Pushed on whether that might include every American’s cellphone records, the official said: “We do not believe it’s every cellphone in the country, but we believe it’s potentially a large number of individuals that the Chinese government was focused on.”

Dozens of companies across the world were hit by the hackers, the official said, including “at least” eight telecommunications and telecom infrastructure firms in the United States.

US officials previously alleged the hackers targeted Verizon, AT&T, T-Mobile, Lumen and others. T-Mobile has said none of its customer data was compromised, and Lumen said there is no evidence customer data was accessed on its network, but, in at least some other cases, the hackers are alleged to have stolen telephone audio intercepts along with a large tranche of call record data.

Call record metadata is sometimes described as the who, what, when and where of phone calls. It does not include the content of a call but can include whom a call was placed to, how long it lasted and where it was made from. Even without the content, call record metadata – especially when captured in bulk – can reveal extraordinarily granular details about a person’s life, work and intimate relationships.

The official said the White House had made tackling the Salt Typhoon hackers a priority for the federal government and that Joe Biden had been briefed several times on the intrusions.

The press call occurred as US government agencies held a separate, classified briefing for all senators on Salt Typhoon’s efforts to compromise American telecommunications companies.

Avril Haines, the US director of national intelligence; Jessica Rosenworcel, chair of the Federal Communications Commission; the National Security Council; the FBI and the Cybersecurity and Infrastructure Security Agency were among the participants in the closed-door briefing, officials told Reuters.