Syniverse has revealed to government regulators that it has been the victim of a five-year breach impacting hundreds of customers.

In a filing with the Securities and Exchange Commission (SEC) last week, Syniverse disclosed that an unknown “individual or organisation gained unauthorized access to databases within it network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (EDT) environment was compromised for approximately 235 of its customers.”

The unauthorised access was found to have been ongoing since May 2016.

The firm stated that all EDT customers have been notified and have had their credentials reset or inactivated, even if their credentials were not impacted by the incident. 

“While Syniverse believes it has identified and adequately remediated the vulnerabilities that led to the incidents described above, there can be no guarantee that Syniverse will not uncover evidence of exfiltration or misuse of its data or IT systems from the May 2021 Incident, or that it will not experience a future cyber-attack leading to such consequences,” it said. 

“Any such exfiltration could lead to the public disclosure or misappropriation of customer data, Syniverse’s trade secrets or other intellectual property, personal information of its employees, sensitive information of its customer, suppliers and vendors, or material financial and other information related to its business.”

It remains unclear as to what information the attackers may have gained access with the EDT compromise./

Syniverse claims to process over 740 billion messages each year for 300+ global mobile operators inluding AT&T, T-Mobile, Verizon and Vodafone.