The Dutch multinational was unaware its network had been hacked, said Paul Beverly, executive vice president at Gemalto, according to the report. "I'm disturbed, quite concerned that this has happened," he said. "What I want to understand is what sort of ramifications it has, or could have, on any of our customers."
The stolen encryption keys allow the hacker (or hackers) to monitor mobile communications without legal approval and without leaving a trail, the report added. "Once you have the keys, decrypting traffic is trivial," Christopher Soghoian, the American Civil Liberties Union's principal technologist, told the website. "The news of this key theft will send a shock wave through the security community."
"We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such [a] highly sophisticated technique to try to obtain SIM card data. From what we gathered at this moment, the target was not Gemalto, per se—it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible," Gemalto said in a statement.
Read the full report here.