Gemalto Confirms It Was Hacked But Insists the NSA Didn’t Get Its Crypto Keys

Gemalto, the Dutch maker of billions of mobile phone SIM cards, confirmed this morning that it was the target of attacks in 2010 and 2011—attacks likely perpetrated by the NSA and British spy agency GCHQ. But even as the the company confirmed the hacks, it downplayed their significance, insisting that the attackers failed to get inside the network where cryptographic keys are stored that protect mobile communications.

Gemalto came to this conclusion after just a weeklong investigation following a news report that the NSA and GCHQ had hacked into the firm’s network in 2011. The news was reported by The Intercept last week, which said the agencies had gained access to huge cache of the cryptographic keys used with its SIM cards.

“The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened,” Gemalto wrote in a press release on Wednesday. But, the company said, “The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys.”