wordpress blog stats
Connect with us

Hi, what are you looking for?

Text message routing company Syniverse’s data breach and why it matters, briefly explained

With major telcos like Airtel listed as Syniverse clients, did the hack that lasted for five years put the data of Indians at stake?

USA-based Syniverse, a company that routes billions of text messages of major US carriers such as Verizon, T-Mobile, etc, and which also lists Airtel as its customer, in a regulatory filing declared that it suffered a hack of its internal systems from 2016 to 2021.

On September 27, the company in a filing with the US Securities and Exchange Commission (SEC), said, “In May 2021, Syniverse became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization. Promptly upon Syniverse’s detection of the unauthorized access, Syniverse launched an internal investigation, notified law enforcement, commenced remedial actions and engaged the services of specialized legal counsel and other incident response professionals.”

Before going into the details of the hack, let’s start at the beginning —

What exactly does Syniverse do?

According to this article by The Verge, among other functions, Syniverse is responsible for handling billions of texts of major telcos in the US. For instance, if an AT&T customer wants to send a message to the same carrier, then it can be done directly. However, the need for a third party comes when the message has to be sent from one telecom carrier to the other.

“A third-party company needs to take on the work of translating (one carrier’s) message into the (other’s) protocol, and physically routing it from one network to the other,” the report by The Verge said. Syniverse works as the third party and it delivers 600 billion messages every month, the report added.

Advertisement. Scroll to continue reading.

Who are its customers?

According to Syniverse’s SEC filing, the following telecom carriers are clients:

  • AT&T Mobility
  • Verizon Wireless
  • T-Mobile USA
  • America Movil
  • Vodafone
  • Telefonica
  • China Mobile
  • Airtel

Others include

  • Twilio
  • “Three of the five largest social networking sites in the U.S.”
  • “One of the largest social networking sites in China”
  • “Top three credit card networks worldwide”
  • “Four of the five top U.S. banks”

In the regulatory filing, Syniverse did not provide any identifiable name for the social networking sites, or credit card networks, and the way it described these companies have been included here unedited.

What do we know about the hack?

Syniverse in their SEC filing said that they conducted an investigation into the matter when they discovered the breach in May 2021. This is what they declared to have found out —

  • Unauthorised access began in May 2016.
  • An individual or organisation gained unauthorised access to databases within its network on several occasions.
  • Login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers.

However, it is important to point out that Syniverse did not provide any details on what kind of data was exposed, or whether text messages were exposed. MediaNama has reached out to Syniverse in further detail regarding the matter and whether there has been any impact on Indian carriers or citizens.

Since Syniverse listed Airtel as its customer, MediaNama has also reached out to the telecom carrier for comments on the matter. Apart from that, we have given queries to Reliance Jio and VodafoneIdea.

What did Syniverse do about the hack?

The company said that the affected Electronic Data Transfer environment customers were notified and their credentials were reset or deactivated. “All customers whose credentials were impacted have been notified of that circumstance,” it said.

Syniverse has notified all affected customers of this unauthorized access where contractually required, and Syniverse has concluded that no additional action, including any customer notification, is required at this time. Syniverse did not observe any evidence of intent to disrupt its operations or those of its customers and there was no attempt to monetize the unauthorized activity — Syniverse in its regulatory filing

What next and why it matters?

Syniverse has maintained that its cyber insurance will cover a substantial portion of its expenditures in investigating and responding to the hacking incident. Syniverse also said that it has identified and remediated the vulnerabilities that led to the incidents. It did not mention what those measures are in the filing.

Since Syniverse has said that Airtel is one of their customers, and since there is a possibility that other major Indian telcos too may be customers of the company, it is necessary to question whether data of Indian citizens or companies were exposed in this five-year hack.

Advertisement. Scroll to continue reading.

Also read

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.

News

When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.

News

The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.

News

In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...

News

By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ