Syniverse reveals a 5-year data breach: at least 235 affected customers

Messaging service supplier for AT&T, Verizon, and T-Mobile discloses that unauthorized access began in May 2016

The major mobile carrier revealed that the network was accessed by the hacker in 2016 for the first time

A major US telecom company partnering with the largest service providers revealed that hackers managed to access the system for five years.^[1] The data breach exposed billion of text messages and data of millions of phone users.^[2] The Syniverse company disclosed the incident to the Securities and Exchange Commission and admitted that the hacker gained access to the database for five years. However, the carriers for not specify if the hacker accessed text messages or any identifiable data.

According to the report^[3], the company found out about unauthorized access to the operational and technological systems back in May 2021. However, the internal investigation showed that the breach began in May 2016. The malicious actor or a group managed to gain access to the database related to the network on various occasions. Login information for 235 customers got affected.^[4]

Login information allowing access to or from its Electronic Data Transfer ('EDT') environment was compromised.

More details on this breach and affected customers should be revealed

A general statement is the only one that media and customers get from the company until the investigation is not entirely done and more details on the breach and affected customers should be described. Syniverse declines to answer any questions even though this is “the world's most connected company” linked to major US telecom service carriers. Law enforcement investigation is the process that keeps providers from revealing any additional details.

Syniverse processes at least 740 million texts daily, and these messages, call records are the sensitive Infomation that hackers could have accessed during these attacks on the network. The company is described as the one that fuels mobile communications for almost every person and device in the world, so the leakage of data can lead to major problems with privacy. Those affected users were informed, and the company has reset credentials for all EDT customers even though those customers were not affected by the security incident.

According to the officials, it is not required to take any additional action. Syniverse thinks that notifying customers is not needed, but the extra measures to provide better security and protection from similar attacks are important. Even though more problems can still be revealed, the carrier is confident that everything is under control.

Security issues and flaws – a dark cloud on future plans

The filling for SEC is a statement possibly related to the merge.^[5] The company plans to become publicly stated via a merger with M3-Brigade Acquisition II Corp. It means that investors should consider risk factors related to security and privacy that come from the breach and possible hacks affecting customers significantly.

Most mobile carriers rely on the Syniverse and its global network that transmits data and enables transactions, conversations, and connections. The company is important, and these security issues can indicate some vulnerabilities. There were other instances when the importance of connection and communication was shown. In November 2019, server failure led to the collapse of 168 000 messages that got delivered months later.^[6] messages got on the queue but were not delivered until the server got finally reactivated nine months later.

The company repeatedly declines all questions from media outlets, and specific concerns get left unanswered regarding the consequences of this 5-year hack. The breach might affect particular data, and if hackers managed to access metadata and read messages, obtain numbers, locations, this might result in a personally identifying information leak.