Syniverse, a telecommunications company that helps airlines such as Verizon, T-Mobile and AT&T send messages between each other and other carriers abroad, revealed last week that it was the subject of a possible five-year hack. If the name Syniverse sounds familiar, the company was also responsible for the disappearance of a shard of Valentine’s Day text messages in 2019.
That hack was highlighted in a Securities and Exchange Commission that filed Syniverse, which was released last week. In it, Syniverse shares that in May 2021, it “became aware of unauthorized access to its operating and information technology systems by an unknown person or organization.” The company did its due diligence in notifying law enforcement agencies and conducting an internal investigation, which resulted in the discovery that the security breach only started in May 2016. It is five years (possibly) unhindered access.
The hackers “gained unauthorized access to databases within its network on several occasions, and that login information that allowed access to or from its electronic data transfer (EDT) environment was compromised for approximately 235 of its customers,” the application reads. It can include access to call records and metadata such as phone numbers, locations and the content of text messages, according to Motherboard ‘s sources.
Syniverse’s SEC application states that the company notified everyone caught in the breach and resetting credentials was appropriate. In addition, “Syniverse has not observed any evidence that it intends to suspend its or the customer’s operations, and there was no attempt to monetize the unauthorized activity,” the application states. Verizon, AT&T, and Syniverse did not immediately respond to a request for comment The edge, while T-Mobile referred questions to CTIA. T-Mobile told it Ars Technica that it was “aware of a security incident” with Syniverse, but there is “no indication that personal information, call information or text message content from T-Mobile customers were affected.”
Syniverse’s security breach was revealed as the company tries to go public through a merger with a specialty trading firm (SPAC), but it appears it was a target in the first place because of the company’s size. Syniverse has spent the past decade becoming a quasi-gatekeeper for several U.S. carriers through acquisitions, The edgeprevious reporting found. Size matters in business, but as with the SolarWinds hack, it means even more when something goes wrong.