Sen. Charles Grassley, R-Iowa, said this week he sent letters to 15 Federal agencies – along with the FBI and the White House – demanding information about their exposure to an AT&T data breach disclosed by the company last month that includes most wireless customer call and text records from May to October 2022.
AT&T broke the data breach news on July 12, saying that the company learned in April of this year that a vast amount of mostly wireless customer call and text record data was “illegally downloaded from our workspace on a third-party cloud platform.” AT&T said the stolen data includes phone numbers that customers interacted with during that period, but not the contents of calls and texts, or any personally identifiable information about AT&T customers.
Sen. Grassley said in an Aug. 5 press release that he is “demanding records from AT&T and 17 federal agencies regarding the April 14-25, 2024, cyberattack on AT&T.”
Specific to Federal agencies, the senator said he is asking them “whether hackers gained access to government materials and why the public didn’t learn of the cyberattack until months after the fact.”
In letters to Federal agencies dated Aug. 2, Sen. Grassley is asking: whether agencies were impacted by the data breach, when they were made aware of the breach, whether they have communicated with AT&T about it, and whether they are taking any steps both internally and with the carrier to “secure data from future breaches and cyberattacks.”
Agencies receiving the letters from Sen. Grassley include the Departments of Agriculture, Commerce, Defense, Education, Energy, Health and Human Services, Homeland Security, Housing and Urban Development, Interior, Justice, Labor, State, Transportation, Treasury, Veterans Affairs, FBI and the Executive Office of the President.
“Bad actors accessed 90 million Americans’ data, which potentially included federal agencies’ communications patterns,” the senator said. “That’s a significant national security threat waiting in the wings.”
“Congress ought to know exactly what outstanding vulnerabilities we’re dealing with, as well as how AT&T and the executive branch are actively mitigating future risks,” he said.
Sen. Grassley said he sent a separate letter to AT&T which questions the carrier’s “security protocols and efforts to strengthen them following the breach.” That letter asks how AT&T discovered the breach, and requests the carrier provide “all records from AT&T’s internal investigation into this incident.”