2024 Telecom Breach Headlines (and How We Intend to Stay Out of Them)

01.23.25 - 1 min read

Telecom breaches and vulnerabilities have become alarmingly commonplace, impacting millions of individuals and countless organizations globally. Recent headlines paint a sobering picture of how traditional telecom practices fail to protect users from threats like data breaches, SIM swapping, and unauthorized surveillance. At Cape, we believe it doesn’t have to be this way. This table shows major incidents since 2024 and demonstrates how Cape’s privacy and security-first approach could have mitigated or prevented these attacks.

DOJ Subpoenas

NBC News reported that the Trump-era Department of Justice secretly obtained phone and text message logs of 43 congressional members and staffers as part of leak investigations. The DOJ subpoenaed telecom providers for metadata, including call logs, phone numbers, and timestamps, without notifying the individuals involved. While the content of communications was not accessed, the metadata still provided a detailed picture of communications patterns and relationships, raising serious concerns about privacy and government overreach.

Telecom Vulnerability

  • Traditional telecom providers collect large amounts of metadata—call logs, timestamps, and phone numbers. This metadata, while seemingly harmless, can reveal sensitive relationships, patterns of communication, and private associations.
  • Telecom providers often store far more data for far longer than is necessary to operate their networks, keeping sensitive metadata like call logs for .
  • Traditional telecoms comply with broad legal requests without notifying users, risking unnecessary exposure of sensitive data and limiting users' ability to protect their privacy.

How Cape is Different

Salt Typhoon: China Compromises the Entire US Telecom Network

In October 2024, Chinese hackers known as "Salt Typhoon" breached at least eight major U.S. telecommunications providers, including AT&T, Verizon, and T-Mobile, in what some lawmakers described as the largest telecommunications hack in American history. They infiltrated lawful intercept systems, accessing sensitive metadata such as call logs and unencrypted text messages, and maintained unauthorized access for months. High-profile individuals, including President Donald Trump and Vice President J.D. Vance, were among those targeted. U.S. senators have called for enhanced security measures to protect national infrastructure.

Telecom Vulnerability

  • Traditional telecom networks rely on a patchwork of outdated, legacy technology and infrastructure that presents a broad attack surface. Once attackers find a way in, the emphasis within telco architecture on interoperability rather than security means that bad actors are able to infiltrate core systems and embed themselves. Compounding this, many telecom systems lack basic protections like multi-factor authentication (MFA), allowing attackers to move freely across systems once initial access is gained. Even now, Salt Typhoon likely remains active and persistent in U.S. telco networks.
  • Telecom providers store vast amounts of user metadata, such as call detail records and location data, for prolonged periods. This data, if breached, provides attackers with rich insights into user activity and relationships.

How Cape is Different

AT&T Data Breach Exposes Phone Records and Metadata for 110 Million Customers

In July 2024, AT&T reported a major data breach affecting approximately 110 million customers. Cybercriminals accessed phone numbers, call records, text message metadata, and in some cases, cell site information that could approximate users’ locations. This breach, which spanned data from May to October 2022 and some data from January 2023, occurred due to unauthorized access to AT&T’s cloud provider, Snowflake. While the content of communications was not exposed, the metadata still provided valuable insights into customers' interactions and movements.

Telecom Vulnerability

  • Weak security controls, including the absence of multi-factor authentication (MFA) for AT&T’s cloud environment.
  • Other MVNOs (mobile virtual network operators) that rely on AT&T’s core infrastructure may also have been affected: because their traffic traverses AT&T’s network, AT&T holds a complete record of their customers’ calls and texts.
  • The breach exposed call logs dating back several years or longer. Retaining metadata for extended periods increases the potential impact of a breach.

How Cape is Different

Signaling Protocol Flaws Expose Global Phones to Hacks

Mobile networks worldwide rely on two core protocols—SS7 and Diameter—to manage essential tasks like locating subscribers and updating their locations when they roam. While foundational to mobile communications, these protocols are notoriously vulnerable to exploitation, allowing location tracking and eavesdropping on calls and texts.

Examples of these weaknesses are well-documented:

Telecom Vulnerability

  • Legacy signaling protocols like SS7 and Diameter lack robust authentication mechanisms, making them vulnerable to interception, location tracking, and call redirection.

How Cape is Different

FCC Fines Major Carriers for Location Data Violations

In a landmark case from April 2024, the Federal Communications Commission (FCC) fined AT&T, Verizon, T-Mobile, and Sprint a total of $200 million for illegally sharing access to customer location data without their consent. The carriers had allowed third-party aggregators to access highly sensitive geolocation data, enabling tracking of individuals without proper oversight or user approval. The violations were widespread and underscored systemic issues in the way carriers manage and safeguard location data.

Telecom Vulnerability

  • Carriers profit by sharing or selling user location data to third-party aggregators, often without sufficient user consent or oversight.
  • Traditional carriers collect vast amounts of sensitive location data, including granular GPS information, increasing the risk of misuse and unauthorized access.
  • Extended retention of metadata creates unnecessary risks in the event of breaches, subpoenas, or unauthorized access.

How Cape is Different

AT&T Data Breach Exposes PII of 73M Customers

On March 30, 2024, AT&T acknowledged that a large dataset of personally identifiable information (PII) belonging to current and former customers had been leaked. Originally stolen in August 2021, the data was published online recently, allowing researchers to verify its authenticity. The compromised information included full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, and AT&T account numbers and passcodes.

Telecom Vulnerability

  • Traditional carriers collect vast amounts of sensitive location data, including granular GPS information, increasing the risk of misuse and unauthorized access.
  • Traditional account security methods, such as passwords and passcodes, are highly vulnerable to breaches, insider compromise, and social engineering. These weak points make it easier for attackers to gain unauthorized access to user accounts. This risk was highlighted recently when AT&T had to reset thousands of customer passcodes after a major breach, underscoring the inherent vulnerabilities of relying on outdated authentication methods.

How Cape is Different

Sydney Sweeney’s SIM Swap

Actress Sydney Sweeney became the latest high-profile victim of a SIM swap attack, resulting in her phone number being stolen and an associated account hacked. SIM swappers typically exploit vulnerabilities in telecom processes using methods like:

  • Social engineering customer support representatives to authorize the swap.
  • Visiting stores in person and impersonating the victim, or stealing store tablets used for swaps.
  • Bribing telecom employees to process unauthorized swaps.
  • Hacking into telecom tools, such as Verizon’s Omni customer support platform, to perform unauthorized swaps directly.

Telecom Vulnerability

  • SIM swaps exploit weak customer authentication processes and human vulnerabilities, such as bribing employees or manipulating customer support.

How Cape is Different

Stalker Exploits Emergency Data Request to Target Victim

A chilling incident reported by 404 Media reveals how a stalker exploited Verizon’s compliance with a fraudulent Emergency Data Request (EDR) to obtain sensitive information. Posing as a police officer, the stalker submitted a fake warrant to request the victim's address and phone logs. Armed with this information, the stalker drove to the victim’s address with a knife and used the obtained data to track the victim’s family, friends, workplace, and even her daughter’s therapist.

Telecom Vulnerability

  • Carriers routinely collect and store customer addresses.
  • Extended retention of call detail records (CDRs) and other metadata creates unnecessary risks in the event of breaches, subpoenas, or unauthorized access.
  • Traditional telecoms comply with broad legal requests without notifying users, risking unnecessary exposure of sensitive data and limiting users' ability to protect their privacy.

How Cape is Different

Tracking SEC Officials Using Geolocation Data

A September 2024 report revealed how de-identified smartphone geolocation data was used to track devices associated with the Securities and Exchange Commission (SEC). Researchers leveraged this data to monitor SEC visits to firm headquarters, uncovering insights into the agency’s investigative practices, and potentially revealing SEC enforcement intent.

Telecom Vulnerability

  • Carriers profit by sharing or selling user location data to third-party aggregators, often without sufficient user consent or oversight.
  • Persistent device identifiers, like AdIDs, enable long-term profiling and tracking, allowing third parties to link behaviors and locations back to individual users.

How Cape is Different

Former Verizon Employee Pleads Guilty to Conspiring with Chinese Spy Agency

A former Verizon employee admitted to using his access to Verizon systems to provide sensitive customer data to operatives of a Chinese spy agency. This included leveraging his insider knowledge to access and share personal information about U.S. citizens, compromising their privacy and security. This incident underscores the risks of insider threats within telecom companies, particularly when data systems are centralized and allow broad access.

Telecom Vulnerability

  • Traditional telecom systems often operate with centralized architectures and broad access privileges, creating significant risks of insider threats. Employees with extensive system access can exploit their positions to share or misuse sensitive customer data, as demonstrated in the Verizon incident where a former employee provided personal information to a foreign intelligence agency. This lack of stringent access controls and robust monitoring leaves customer data highly vulnerable to insider compromise.
  • The widespread collection and storage of personally identifiable information (PII) by traditional telecom companies increases the potential harm caused by insider threats. When employees misuse access, they expose sensitive data that can be exploited for surveillance or espionage.

How Cape is Different

AT&T Fined $13 Million for Data Breach Involving Third-Party Vendor

In September 2024, AT&T was fined $13 million after a vendor used by the company to create billing and marketing videos failed to delete sensitive customer data as required. This breach exposed customer billing information, raising concerns about the telecom industry's third-party data-sharing practices and oversight. Regulators highlighted that AT&T did not sufficiently ensure the vendor adhered to proper data-handling and deletion protocols.

Telecom Vulnerability

  • Telecom providers often share large volumes of sensitive customer data with third-party vendors for operational purposes. Without strict oversight, vendors may mishandle, retain, or expose this data, leaving it vulnerable to breaches and misuse.
  • Loose data-sharing practices in the telecom industry result in excessive access to customer data by third-party vendors, increasing the risk of data leaks or unauthorized retention.

How Cape is Different

Hackers Advertise Stolen Verizon Push-to-Talk Call Logs

Hackers reportedly stole and advertised call logs from Verizon’s Push-to-Talk service. The exposed data included sensitive call details, putting customer privacy and potentially national security at risk. This incident highlights vulnerabilities in telecom infrastructure and the risks associated with storing large volumes of communication metadata for extended periods.

Telecom Vulnerability

  • Telecom infrastructure often lacks modern cybersecurity protections, leaving systems vulnerable to breaches that expose sensitive call logs and metadata.
  • Traditional telecom providers collect large amounts of metadata—call logs, timestamps, and phone numbers. This metadata, while seemingly harmless, can reveal sensitive relationships, patterns of communication, and private associations.
  • Telecom providers often store far more data for far longer than is necessary to operate their networks, keeping sensitive metadata like call logs for .

How Cape is Different

These incidents highlight the vulnerabilities of conventional telecom systems and how normalized the constant risks they pose to individuals, businesses, and even national security have become. At Cape, we’re redefining what it means to provide connectivity without compromise. We’ve built a network that protects against modern threats while putting your privacy first.
