The attack affected Syniverse, a major telecom company that annually routes billions of text messages for hundreds of mobile carriers.
Major telecommunications provider Syniverse, which routes billions of text messages each year for providers including AT&T, Verizon, and T-Mobile, has revealed it is the victim of a five-year-long security breach that may have exposed millions of mobile phone users around the world.
Syniverse says on its website that it processes more than 740 billion messages per year and has more than 300 direct connections to mobile operators. This incident was revealed in a Sept. 27 filing with the US Securities and Exchange Commission (SEC), in which Syniverse revealed in May 2021, it “became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization.”
The company then launched an investigation, notified law enforcement, began remediation, and hired legal counsel and other incident response professionals, the SEC filing states.
Results of the investigation revealed the unauthorized access began in May 2016. The attackers had gained access to databases within the company’s network on several occasions, officials reports. Login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of Syniverse customers, the filing states.
“All EDT customers have been notified and have had their credentials reset or inactivated, even if their credentials were not impacted by the incident,” the filing states. “All customers whose credentials were impacted have been notified of that circumstance.” The company says it also has “notified all affected customers of this unauthorized access where contractually required.”