A company with an expansive impact on millions, if not billions of cellphone users around the world has quietly disclosed that its systems were breached by hackers five years ago, Motherboard reports. Though the hacking started in May 2016, the company reportedly only discovered the breach in May 2021. The company, Syniverse, provides backbone services to wireless companies like AT&T, Verizon, T-Mobile, and other international carriers. It processes more than 740 billion texts annually, routing them from one carrier to another. The company repeatedly declined to answer specific questions from Motherboard.
A former Syniverse employee who now works at another telecommunications firm told the outlet that a hacking of that scale could have potentially exposed metadata like phone numbers, the locations of the parties on either end of a call, and the content of text messages. The breach was disclosed in a filing to the U.S. Securities and Exchange Commission on Sept. 27. Documents stated that an unknown “individual or organization gained unauthorized access to databases within its network on several occasions,” and more than 235 clients had been confirmed to have been directly affected. Experts consulted by Motherboard said the five-year hack could have exposed many, many more, given Syniverse’s scale.