Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Telecoms Giant Syniverse Discloses Years-Long Data Breach

Syniverse, a company whose connectivity services are used by nearly all mobile carriers in the world, said hackers had access to its information technology (IT) and operational technology (OT) systems for years.

Syniverse, a company whose connectivity services are used by nearly all mobile carriers in the world, said hackers had access to its information technology (IT) and operational technology (OT) systems for years.

Syniverse says it has roughly 1,250 customers across 200 countries, including a vast majority of the world’s mobile carriers, such as AT&T, Verizon, T-Mobile, Vodafone, China Mobile, Airtel, Telefónica, and América Móvil. The company’s services are used to connect the networks of different mobile carriers and enable the transmission of data. Syniverse says it enables billions of transactions, conversations and connections every day.

In a recent filing with the U.S. Securities and Exchange Commissions (SEC), the company admitted discovering a data breach in May 2021. An investigation revealed that an unknown threat actor had access to its OT and IT systems since May 2016.

“The results of the investigation revealed that the unauthorized access began in May 2016. Syniverse’s investigation revealed that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers,” the company said in its SEC filing.

It added, “Syniverse did not observe any evidence of intent to disrupt its operations or those of its customers and there was no attempt to monetize the unauthorized activity. Syniverse did not experience and does not anticipate that these events will have any material impact on its day-to-day operations or services or its ability to access or process data. Syniverse has maintained, and currently maintains, cyber insurance that it anticipates will cover a substantial portion of its expenditures in investigating and responding to this incident.”

Based on Syniverse’s description of the attack, it sounds like the work of a state-sponsored threat actor. If that is the case, it’s possible that the attackers may have only targeted a relatively small number of individuals, even though they may have had access to the information of millions — possibly billions — of people who use the services of the 235 Syniverse customers that have been confirmed to be impacted.

Vice’s Motherboard was the first to notice the data breach mentioned in the SEC document, which Florida-based Syniverse filed ahead of becoming a publicly traded company via a merger with M3-Brigade Acquisition II Corp., a special purpose acquisition company.

Syniverse is not sharing additional information about the impact of the incident, but Motherboard learned from a source working for a mobile carrier that — depending on what was being exchanged in the compromised environment — the attacker may have gained access to call records and message data, such as call length and cost, the numbers and location of the caller and receiver, and the content of SMS messages.

Advertisement. Scroll to continue reading.

UPDATE: Syniverse has provided SecurityWeek the following statement:

Syniverse became aware of unauthorized activity in our Electronic Data Transfer (EDT) environment in late May 2021. As soon as we learned of the unauthorized activity, we implemented our security incident response plan and engaged a top-tier forensics firm to assist with our internal investigation. We also notified and are cooperating with law enforcement. Syniverse has completed a thorough investigation of the incident which revealed that the individual or organization gained unauthorized access to databases within its network on several occasions and that login information allowing access to or from its EDT environment was compromised for certain customers.


All EDT customers have had their credentials reset or inactivated, even if their credentials were not impacted by the incident. We have communicated directly with our customers regarding this matter and have concluded that no additional action is required. In addition to resetting customer credentials, we have implemented substantial additional measures to provide increased protection to our systems and customers.


We will continue to communicate directly with our customers if needed. Given the confidential nature of our relationship with our customers and a pending law enforcement investigation, we do not anticipate further public statements regarding this matter.

Related: T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks

Related: China Slams US Plan to Expel Phone Carriers in Tech Clash

Related: Major U.S. Mobile Carriers Vulnerable to SIM Swapping Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...