Congress must summon AT&T CEO John Stankey over catastrophic data leak – Washington Examiner

AT&T CEO John Stankey should have resigned over the catastrophic data leak that AT&T announced on Friday. Seeing, however, as Stankey is evidently more concerned with keeping his $26 million-a-year job than taking responsibility for his firm’s catastrophic failure, Congress should urgently summon him for questioning.

To understand why this leak is so serious, consider two points from this CNN summation. First, that AT&T had 110 million cellphone plan subscribers at the end of 2022. Second, that “AT&T said the compromised data includes the telephone numbers of ‘nearly all’ of its cellular customers and the customers of wireless providers that used its network between May 1, 2022 and October 31, 2022.”

The logs additionally contain “a record of every number AT&T customers called or texted — including customers of other wireless networks — the number of times they interacted, and the call duration.” While the content of messages/calls was not seized, “AT&T said that for an undisclosed subset of its records, one or more cell site identification numbers linked to the calls and texts were also exposed.”

It’s not surprising that AT&T doesn’t want to disclose how many customers also had their cell tower ID numbers leaked. If an organized criminal or foreign intelligence actor had access to that data, it would enable them to know the locations from where calls were made. The risks for compromise here are very significant, particularly as pertaining to foreign intelligence services. Entered into a data extrapolation system, a foreign intelligence actor could use this information to engage in substantive patterns of life analysis.

That means said actor would have a good chance of finding out who was talking/texting who, when they tended to talk/text in the context of their daily routines, for how long they talked/texted, and in some cases where those in communication lived. It is relatively easy to find out a cellphone number’s user identity. Consider how useful this might be for a foreign intelligence service.

Imagine that this service had identified a phone number belonging to a male employee of the CIA with a wife and two teenage children. Imagine that the foreign intelligence service identified that the man had been repeatedly calling a bookie during his lunch hour. Imagine that further investigation discovered that the man was in heavy debt. Imagine then that said foreign intelligence service approached the man via text message asking to meet to discuss a gambling opportunity. Imagine that at that meeting, an intelligence officer offered large amounts of precious jewelry in return for his provision of classified information. Imagine that the intelligence service in question was the Chinese MSS and the provided information involved CIA efforts to conduct espionage inside Beijing.

For another example, if repeated calls or texts were found to have been made at late night hours or via cellphone towers not normally used by a caller/texter, that might indicate an extramarital affair. These scenarios are just the tip of a very diverse and vast iceberg of hostile uses for this data.

Unfortunately, it’s clear that AT&T’s leadership doesn’t want to take responsibility for their disaster. They want to spin this incident as an aberration for an otherwise competent, consumer-focused company. In a statement, AT&T declared, “Our top priority, as always, is our customers. We will provide notice to current and former customers whose information was involved along with resources to help protect their information. We sincerely regret this incident occurred and remain committed to protecting the information in our care.”

It takes quite a bit of gall for AT&T to claim that its top priority is its customers and that it remains “committed to protecting the information in our care.”

After all, an entirely separate AT&T hacking incident earlier this year led to the personal information (Social Security numbers, etc.) of “7.6 million current account holders and 65.4 million former account holders” being leaked. Taken together, these two leaks don’t exactly suggest that AT&T has ever been committed to protecting the information in its care. Were a foreign intelligence service able to access data from both these leaks, they would have great potential for compromising large numbers of Americans.

CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER

The basic point stands. AT&T has failed its customers in a truly catastrophic fashion. The ring-fenced safeguarding of metadata should be a sacrosanct concern for any telecommunications company operating in 2024. That Stankey hasn’t resigned over this calamity is a disgrace in and of itself.

Congress has an urgent duty to ask some hard questions.