Syniverse, a company that handles mobile SMS routing for hundreds of telecommunications companies, including Vodafone, AT&T, T-Mobile, Verizon, America Movil, Telefonica, and China Mobile, revealed that hackers have had access to its systems for years, impacting more than 200 of its clients and potentially millions of cellphone users worldwide.
In a filing with the Securities and Exchange Commission the company said that “in May 2021, Syniverse became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization. Promptly upon Syniverse's detection of the unauthorized access, Syniverse launched an internal investigation, notified law enforcement, commenced remedial actions and engaged the services of specialized legal counsel and other incident response professionals.”
The company also added that its “investigation revealed that the unauthorized access began in May 2016" and "that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer ('EDT') environment was compromised for approximately 235 of its customers.”
Syniverse has not provided additional information regarding the impact of the breach, but a former Syniverse employee told Motherboard Vice that those systems contain information on all types of call records, so the attackers may have gained access to call records and message data, such as call length and cost, the numbers and location of the caller and receiver, and the content of SMS messages.
In a statement to Vice, the company said: “As soon as we learned of the unauthorized activity, we implemented our security incident response plan and engaged a top-tier forensics firm to assist with our internal investigation. We also notified and are cooperating with law enforcement.
“Syniverse has completed a thorough investigation of the incident which revealed that the individual or organization gained unauthorized access to databases within its network on several occasions and that login information allowing access to or from its EDT environment was compromised for certain customers.
“All EDT customers have had their credentials reset or inactivated, even if their credentials were not impacted by the incident. We have communicated directly with our customers regarding this matter and have concluded that no additional action is required.”