Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Telecoms Giant Syniverse Discloses Years-Long Data Breach

Syniverse, a company whose connectivity services are used by nearly all mobile carriers in the world, said hackers had access to its information technology (IT) and operational technology (OT) systems for years.

Syniverse, a company whose connectivity services are used by nearly all mobile carriers in the world, said hackers had access to its information technology (IT) and operational technology (OT) systems for years.

Syniverse says it has roughly 1,250 customers across 200 countries, including a vast majority of the world’s mobile carriers, such as AT&T, Verizon, T-Mobile, Vodafone, China Mobile, Airtel, Telefónica, and América Móvil. The company’s services are used to connect the networks of different mobile carriers and enable the transmission of data. Syniverse says it enables billions of transactions, conversations and connections every day.

In a recent filing with the U.S. Securities and Exchange Commissions (SEC), the company admitted discovering a data breach in May 2021. An investigation revealed that an unknown threat actor had access to its OT and IT systems since May 2016.

“The results of the investigation revealed that the unauthorized access began in May 2016. Syniverse’s investigation revealed that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers,” the company said in its SEC filing.

It added, “Syniverse did not observe any evidence of intent to disrupt its operations or those of its customers and there was no attempt to monetize the unauthorized activity. Syniverse did not experience and does not anticipate that these events will have any material impact on its day-to-day operations or services or its ability to access or process data. Syniverse has maintained, and currently maintains, cyber insurance that it anticipates will cover a substantial portion of its expenditures in investigating and responding to this incident.”

Based on Syniverse’s description of the attack, it sounds like the work of a state-sponsored threat actor. If that is the case, it’s possible that the attackers may have only targeted a relatively small number of individuals, even though they may have had access to the information of millions — possibly billions — of people who use the services of the 235 Syniverse customers that have been confirmed to be impacted.

Vice’s Motherboard was the first to notice the data breach mentioned in the SEC document, which Florida-based Syniverse filed ahead of becoming a publicly traded company via a merger with M3-Brigade Acquisition II Corp., a special purpose acquisition company.

Syniverse is not sharing additional information about the impact of the incident, but Motherboard learned from a source working for a mobile carrier that — depending on what was being exchanged in the compromised environment — the attacker may have gained access to call records and message data, such as call length and cost, the numbers and location of the caller and receiver, and the content of SMS messages.

UPDATE: Syniverse has provided SecurityWeek the following statement:

Syniverse became aware of unauthorized activity in our Electronic Data Transfer (EDT) environment in late May 2021. As soon as we learned of the unauthorized activity, we implemented our security incident response plan and engaged a top-tier forensics firm to assist with our internal investigation. We also notified and are cooperating with law enforcement. Syniverse has completed a thorough investigation of the incident which revealed that the individual or organization gained unauthorized access to databases within its network on several occasions and that login information allowing access to or from its EDT environment was compromised for certain customers.


All EDT customers have had their credentials reset or inactivated, even if their credentials were not impacted by the incident. We have communicated directly with our customers regarding this matter and have concluded that no additional action is required. In addition to resetting customer credentials, we have implemented substantial additional measures to provide increased protection to our systems and customers.


We will continue to communicate directly with our customers if needed. Given the confidential nature of our relationship with our customers and a pending law enforcement investigation, we do not anticipate further public statements regarding this matter.

Related: T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks

Related: China Slams US Plan to Expel Phone Carriers in Tech Clash

Related: Major U.S. Mobile Carriers Vulnerable to SIM Swapping Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.