Syniverse, which counts AT&T, Verizon, and T-mobile as some of its clients, announced in a filing dated September 27 to the SEC that the company’s investigation found that unauthorized access to its systems began in May 2016, although the company didn’t discover the breach until May 2021.
Telecommunications giant Syniverse disclosed to the Securities and Exchange Commission last week that hackers had infiltrated its systems, a breach that exposed billions of text messages and millions of cell phone users’ data over the past five years.
“Syniverse has experienced, and may in the future face, hackers, cybercriminals or others gaining unauthorized access to, or otherwise misusing, its systems to misappropriate its proprietary information and technology, interrupt its business, and/or gain unauthorized access to its or its customers’ confidential information,” the company said in its SEC filing.
The company said the breach compromised login information for 235 of its clients and that the company contacted its clients who had been affected and had notified law enforcement. In previous press releases, Syniverse has described itself as a company that “fuels mobile communications for nearly every person and device in the world.”
The company revealed the security breach as it prepares to go public via a merger with M3-Brigade Acquisition II Corp, a special purpose acquisition company. Syniverse did not immediately respond to Insider’s request for comment.
A former Syniverse employee told Vice that Syniverse systems often carry sensitive information, like text messages and call records, and that the hackers could have accessed this information as well.
“Syniverse systems have direct access to phone call records and text messaging, and indirect access to a large range of Internet accounts protected with SMS 2-factor authentication,” Karsten Nohl, a security researcher, told Vice. “Hacking Syniverse will ease access to Google, Microsoft, Facebook, Twitter, Amazon and all kinds of other accounts, all at once.”