In one of the largest intelligence breaches in U.S. history, Chinese hackers have stolen phone metadata records of over one million people, primarily in the Washington D.C. area, through a sophisticated campaign nicknamed "Salt Typhoon."
The extensive hacking operation has compromised eight U.S. telecommunications and internet service providers, with AT&T and Verizon being the most severely impacted. While the FBI has notified some high-profile targets whose actual communications were intercepted, including the Trump and Harris presidential campaigns, the vast majority of affected individuals remain unaware their data was compromised.
The stolen metadata includes records of phone calls, text messages, and potential cell tower location data. While this information doesn't contain the content of communications, intelligence experts warn it can reveal sensitive patterns about individuals' movements, contacts, and relationships.
"You should be upset, because carriers' deficient practices resulting in the exposure of whether you called an oncologist or your church is enough of a violation," said Alan Butler, who leads the Electronic Privacy Information Center.
The campaign continues to target U.S. telecommunications infrastructure, according to White House officials. The U.S., Australia, Canada, and New Zealand have attributed the attacks to China, though Chinese officials deny involvement.
Former CIA and NSA Director Michael Hayden has previously emphasized the power of metadata, stating "We kill people based on metadata." Security experts suggest the gathered information could be particularly valuable for mapping social networks among political figures in Washington.
While some companies like T-Mobile claim to have successfully defended against the intrusions, others remain more secretive about the extent of compromise. The FBI has indicated no plans to notify individuals whose metadata was accessed, and telecommunications companies have only contacted a small number of affected customers.
The ongoing nature of Salt Typhoon suggests persistent determination from the attackers. As one security officer noted, "They did not give up... they're going to keep trying to get back in."