By Amir Mizroch in London And Maarten van Tartwijk in Amsterdam 

Gemalto NV, one of the world's largest cellphone SIM-card providers, scrambled Friday to respond to a report that U.S. and British intelligence agencies hacked into its systems.

The alleged hack--reported by a news site that has been a conduit of leaks from former National Security Agency contractor Edward Snowden--raises fresh questions about Western governments' attempts to tap into private companies to gain access to personal-communication data, potentially circumventing legal procedures and privacy safeguards.

For Netherlands-based Gemalto, it also raises the prospect of significant financial pain, with some analysts saying the company may be forced to recall chips if the alleged leak raises widespread worry among telecommunications customers or individual users over privacy.

Shares in the digital-security company--whose customers include customers including telecommunications giants China Mobile Ltd., Vodafone Group PLC and Verizon Communications Inc.--fell nearly 7% at one stage in Friday morning trading in Amsterdam.

Gemalto said it was investigating the alleged breach after a report Thursday by the Intercept, a news site set up by Glenn Greenwald, the American journalist who has been a principal disseminator of classified material from Mr. Snowden.

"We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation," Gemalto said in a written statement. "We take this publication very seriously and will devote all our resources necessary to fully investigate and understand the scope of such sophisticated techniques."

The report alleges that the U.S. NSA and the U.K.'s Government Communications Headquarters, or GCHQ, started hacking the company in 2010 to steal encryption keys used to protect the privacy of mobile-phone communications. It cites GCHQ documents describing a joint GCHQ-NSA team called the Mobile Handset Exploitation Team. According to the leaked document, government hackers said they had gained access to "core mobile networks" through penetrating Gemalto's computer systems and intercepting encryption keys the company implants into the SIM cards it ships to customers. The company sends a corresopnding key to its mobile-operator customers.

"Successfully implanted several machines and believe we have their entire network," one leaked document said.

GCHQ, in a statement, said it doesn't comment on intelligence matters. But it said all of its work "is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorized, necessary and proportionate" and that it is subject to "rigorous oversight" by the government and parliament. "All our operational processes rigorously support this position. In addition, the U.K.'s interception regime is entirely compatible with the European Convention on Human Rights," GCHQ said.

A representative of the NSA couldn't be reached for comment. A spokesperson for the U.S. Embassy in the Netherlands wasn't immediately available for comment.

Gemalto develops and installs security and identification software in a line of products such as SIM cards, which go into cellphones, payment cards and electronic identification documents. SIM cards in phones are embedded with an encryption key--a mathematical code that conducts a "digital handshake" with a mobile carrier's network, which has the corresponding encryption key for that specific SIM card. Once that digital identification process has been completed, the call or data transfer is encrypted and can proceed in both directions. According to its website, Gemalto has 450 mobile-network operators as customers. It recorded EUR2.4 billion ($2.72 billion) in revenue in 2013.

The alleged breach isn't the first instance in which a Western government agency has been accused of tapping into the infrastructure of a private company to gain access to personal communications. Previous leaks by Mr. Snowden allege U.S. and British agencies have attempted to access infrastructure at big American tech companies, including Google Inc., without those companies' knowledge to access individual communications and data.

Telecommunications and tech companies have also routinely provided authorities in the U.S., Britain and beyond with data about cellphone users after specific requests by those agencies. But those requests are typically routed through courts or other legal procedures.

Microsoft Corp., Google, Yahoo Inc. and Facebook Inc., for instance, all supply user data to the NSA, in response to secret orders from a Foreign Intelligence Surveillance court, under a program known as Prism that was previously disclosed in Snowden leaks.

Because of Gemalto's position as a provider of SIM cards, the alleged hack opens up a potentially new avenue through which Western agencies may have worked to obtain cellphone data carried on dozens of large telecommunications networks around the world.

If Gemalto finds evidence of a security breach, it could trigger calls for the company and its customers to recall its chips, some analysts said.

"Gemalto could be forced to replace a large number of SIM cards, which could be a costly exercise," analysts at Dutch lender Rabobank wrote Friday in a research note. "Gemalto has a lot to lose here."

Spokespeople for China Mobile, the world's largest telecommunications provider by subscribers, and several other big Gemalto customers weren't immediately available for comment.

In a statement, Vodafone, No. 2 behind China Mobile, said "we have no further details of these allegations which are industrywide in nature and are not focused on any one mobile operator. We will support industry bodies and Gemalto in their investigations."

Write to Maarten van Tartwijk at maarten.vantartwijk@wsj.com

Access Investor Kit for Vodafone Group Plc

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=GB00BH4HKS39

Access Investor Kit for China Mobile Ltd.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=HK0941009539

Access Investor Kit for Gemalto NV

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=NL0000400653

Access Investor Kit for China Mobile Ltd.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US16941M1099

Access Investor Kit for Gemalto NV

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US36863N2080

Access Investor Kit for Google, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P5089

Access Investor Kit for Google, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P7069

Access Investor Kit for Vodafone Group Plc

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US92857W3088

Subscribe to WSJ: http://online.wsj.com?mod=djnwires

Grafico Azioni Vodafone (LSE:VOD)
Storico
Da Feb 2024 a Mar 2024 Clicca qui per i Grafici di Vodafone
Grafico Azioni Vodafone (LSE:VOD)
Storico
Da Mar 2023 a Mar 2024 Clicca qui per i Grafici di Vodafone