HackDig : Dig high-quality web security articles

Telecoms Giant Syniverse Discloses Years-Long Data Breach

2021-10-05 10:25

Syniverse, a company whose connectivity services are used by nearly all mobile carriers in the world, said hackers had access to its information technology (IT) and operational technology (OT) systems for years.

Syniverse says it has roughly 1,250 customers across 200 countries, including a vast majority of the world’s mobile carriers, such as AT&T, Verizon, T-Mobile, Vodafone, China Mobile, Airtel, Telefónica, and América Móvil. The company’s services are used to connect the networks of different mobile carriers and enable the transmission of data. Syniverse says it enables billions of transactions, conversations and connections every day.

In a recent filing with the U.S. Securities and Exchange Commissions (SEC), the company admitted discovering a data breach in May 2021. An investigation revealed that an unknown threat actor had access to its OT and IT systems since May 2016.

“The results of the investigation revealed that the unauthorized access began in May 2016. Syniverse’s investigation revealed that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers,” the company said in its SEC filing.

It added, “Syniverse did not observe any evidence of intent to disrupt its operations or those of its customers and there was no attempt to monetize the unauthorized activity. Syniverse did not experience and does not anticipate that these events will have any material impact on its day-to-day operations or services or its ability to access or process data. Syniverse has maintained, and currently maintains, cyber insurance that it anticipates will cover a substantial portion of its expenditures in investigating and responding to this incident.”

Based on Syniverse’s description of the attack, it sounds like the work of a state-sponsored threat actor. If that is the case, it’s possible that the attackers may have only targeted a relatively small number of individuals, even though they may have had access to the information of millions — possibly billions — of people who use the services of the 235 Syniverse customers that have been confirmed to be impacted.

Vice’s Motherboard was the first to notice the data breach mentioned in the SEC document, which Florida-based

Syniverse filed ahead of becoming a publicly traded company via a merger with M3-Brigade Acquisition II Corp., a special purpose acquisition company.

Syniverse is not sharing additional information about the impact of the incident, but Motherboard learned from a source working for a mobile carrier that — depending on what was being exchanged in the compromised environment — the attacker may have gained access to call records and message data, such as call length and cost, the numbers and location of the caller and receiver, and the content of SMS messages.

Related: T-Mobile Hack Involved Exposed Router, Specialized Tools and Brute Force Attacks

Related: China Slams US Plan to Expel Phone Carriers in Tech Clash

Related: Major U.S. Mobile Carriers Vulnerable to SIM Swapping Attacks


Source: -sraey-sesolcsid-esrevinys-tnaig-smocelet/kNZOJ3Zwx6x/3~/keewytiruces/r~/moc.elgoog.yxorpdeef

Read:42177 | Comments:0 | Tags:Cyberwarfare Mobile Security NEWS & INDUSTRY Incident Re

“Telecoms Giant Syniverse Discloses Years-Long Data Breach”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud