U.S. Senator Maria Cantwell, the Ranking Member of the Senate Committee on Commerce, Science, and Transportation, has called for a hearing with the CEOs of AT&T and Verizon regarding ongoing concerns about network security following the Salt Typhoon cyberattack. In a letter to Committee Chairman Ted Cruz, Cantwell stated that both companies have not been transparent about their responses to the attack.
"For months, I have sought specific documentation from AT&T and Verizon that would purportedly corroborate their claims that their networks are now secure from this attack," wrote Sen. Cantwell. "Unfortunately, both AT&T and Verizon have chosen not to cooperate, which raises serious questions about the extent to which Americans who use these networks remain exposed to unacceptable risk. Since then, expert witnesses warned this Committee about the ongoing security risks posed by Salt Typhoon, while reports indicate that Salt Typhoon hackers are likely still inside U.S. telecommunications networks and may have even breached email accounts used by congressional staff."
Cantwell referenced recent expert testimony indicating that providers such as AT&T and Verizon may not be taking sufficient steps to protect customer data after the breach. She cited December testimony from a former Chief of the Federal Communications Commission’s Public Safety and Homeland Security Bureau before the Telecommunications Subcommittee: "[I]n December the former Chief of the Federal Communications Commission’s Public Safety and Homeland Security Bureau testified before the Telecommunications Subcommittee, ‘I’m not convinced that providers will take sufficient and sustained actions in the wake of Volt and Salt Typhoon without a strong verification regime’ and further stated: ‘if the providers are not doing basic hygiene across their networks consistently, then yes, they should be held accountable,’" continued Sen. Cantwell.
Despite requests for key documents detailing efforts to remediate vulnerabilities identified by Mandiant—the company hired by both telecoms for security assessments—AT&T and Verizon have declined to provide them. According to Cantwell's statement, Mandiant also did not provide requested documentation at what appears to be at AT&T’s and Verizon’s direction.
"If AT&T and Verizon are not going to provide Congress key documentation voluntarily, then I believe this Committee must promptly convene a hearing with their CEOs so they can explain why Americans should have confidence in the security of their networks amid mounting evidence that the Salt Typhoon hackers remain active and undeterred," concluded Sen. Cantwell. "The American public deserves transparency and certainty that our nation’s major telecommunications networks are not currently exposed to unacceptable risks. This oversight hearing would be an opportunity to provide precisely that."
Cantwell also noted previous opposition to an FCC decision made in November 2025 when she wrote FCC Chairman Brendan Carr urging against rolling back rules designed after Salt Typhoon aimed at protecting U.S. data networks from future attacks; however, those rules were rescinded in a party-line vote.
The FBI has described Salt Typhoon as one of most significant cyber espionage breaches affecting more than 200 U.S organizations across 80 countries since its discovery in 2025. The agency has recommended encrypted messaging applications due to ongoing vulnerabilities stemming from this attack.
In her letter addressed February 3rd, Cantwell urged prompt action so Americans can gain clarity regarding potential risks within major telecommunications infrastructure.
