Tag: Gemalto

Countries differ on cloud data protection

Posted on January 17, 2018 by - News

56f884651f7b35416b9b4ca955d350b3--pom-pom-mobile-cloud-mobileA new study penned by the Gemalto and Ponemon Institute shows that significant gaps are emerging between countries on attitudes towards data protection in the cloud

The study reveals regional disparities in adoption of cloud security: German businesses almost twice as likely to secure confidential or sensitive information in the cloud (61 percent) than British (35 percent), Brazilian (34 percent) and Japanese (31 percent) organisations.

Half of the global outfits believe that payment information (54 percent) and customer data (49 percent) is at risk in the cloud.

Over half (57 percent) think using the cloud increases compliance risk.

The report said that while the vast majority of global companies (95 percent) have adopted cloud services, there is a wide gap in the level of security precautions applied by firms in different markets. Organisations admitted that on average, only two-fifths (40 percent) of the data stored in the cloud is secured with encryption and key management solutions.

The findings organisations in the UK (35 percent), Brazil (34 percent) and Japan (31 percent) are less cautious than those in Germany (61 percent) when sharing sensitive and confidential information stored in the cloud with third parties. The study surveyed more than 3,200 IT and IT security practitioners worldwide to gain a better understanding of the key trends in data governance and security practices for cloud-based services.

Germany’s lead in cloud security extends to its application of controls such as encryption and tokenisation. The majority (61 percent) of German organisations revealed they secure sensitive or confidential information while being stored in the cloud environment, ahead of the US (51 percent) and Japan (50 percent). The level of security applied increases further still when data is sent and received by the business, rising to 67 percent for Germany, with Japan (62 percent) and India (61 percent) the next highest.

Crucially, however, over three quarters (77 percent) of organisations across the globe recognise the importance of having the ability to implement cryptologic solutions, such as encryption. This is only set to increase, with nine in 10 (91 percent) believing this capability will become more critical over the next two years – an increase from 86 percent last year.

Despite the growing adoption of cloud computing and the benefits that it brings, it seems that global organisations are still wary. Worryingly, half report that payment information (54 percent) and customer data (49 percent) are at risk when stored in the cloud. Over half (57 percent) of global organisations also believe that using the cloud makes them more likely to fall foul of privacy and data protection regulations, slightly down from 62 percent in 2016.

Due to this perceived risk, almost all (88 percent) believe that the new General Data Protection Regulation (GDPR), will require changes in cloud governance, with two in five (37 percent) stating it would require significant changes. As well as difficulty in meeting regulatory requirements, three-quarters of global respondents (75 percent) reported that it is more complicated to manage privacy and data protection regulations in a cloud environment than on-premise networks. France (97 percent) and the US (87 percent) finding this the most complex, just ahead of India (83 percent).

The study found that there is a gap in awareness within businesses about the services being used. Only a quarter (25 percent) of IT and IT security practitioners revealed they are very confident they know all the cloud services their business is using, with a third (31 percent) confident they know.

Gemalto Data Protection CTO Jason Hart said: “While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere. This may be down to nearly half believing the cloud makes it more difficult to protect data when the opposite is true.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security.

“However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenisation need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

 

 

 

Thales swallows Gemalto

Posted on December 18, 2017 by - News

Barracuda-1Security outfits Thales and Gemalto have reached a merger agreement.

The pair have settled on an all-cash offer for all issued and outstanding ordinary shares of Gemalto, for a price of €51 per share.

Patrice Caine, Thales’s Chairman and Chief Executive Officer, said that the acquisition of Gemalto was a milestone in the implementation of Thales’s strategy.

“Together with Gemalto’s management, we have big ambitions based on a shared vision of the digital transformation of our industries and customers. Our project will be beneficial to innovation and employment, whilst respecting sovereign strategic technologies.”

He said the pair share the same culture and DNA which must have been a traumatic merger meeting.

It means that Gemalto’s 15,000 employees will join the group to make a significant digital security player.

Philippe Vallée, Gemalto’s Chief Executive Officer, said: “I am convinced that the combination with Thales is the best and the most promising option for Gemalto and the most positive outcome for our Company, employees, clients, shareholders and other stakeholders. We share the same values and Gemalto will be able to pursue its strategy, accelerate its development and deliver its digital security vision, as part of Thales.”

Over the past three years, Thales has increased its focus on digital technologies, investing over €1 billion in connectivity, cybersecurity, data analytics and artificial intelligence, in particular with the acquisition of Sysgo, Vormetric and Guavus. The integration of Gemalto, reinforces Thales’s digital offering, across its five vertical markets – aeronautics, space, ground transportation, defence and security.

Altogether, this new business unit will represent around 20 percent of pro forma Group revenues and rank among the top three players worldwide, with €3.5 billion revenues in the digital security market.

Apparently, according to the spinners: “Thales will be ideally positioned to offer an end-to-end solution, to secure the full critical digital decision chains, from data creation in sensors to real-time decision making. This unrivalled and innovative technology portfolio will put Thales in a highly differentiated position to provide enterprises and governments with a seamless response to the data security challenges that lie at the heart of their digital transformation.”

Whatever that means.

 

Device makers embracing software over hardware

Posted on December 14, 2017 by - News

Software-and-Application-SecurityA report from digital security outfit Gemalto has found that the device manufacturing industry is embracing software over hardware as its primary business model.

The change highlights how crucial software is becoming to device manufacturers, in improving business performance and growing revenue. And, as end-users begin to demand more options and control of their devices and data, entire industries are being forced to change their business models and strategies to cater to their customers.

According to Gemalto’s ‘How Software is Powering the Hardware Renaissance‘ report, the majority (84 percent) of organisations in the sector are changing how they operate. More than 37 percent have already made a full shift to a software-centric business model, one that places software at the core of how a company delivers value and generates revenue.

The research also found that 94 percent of respondents have increased their investment in software development in the last five years. Germany is leading the charge. All German organisations questioned have boosted their software-based services over this time; with France second (98 percent) and the US (93 percent) in third.

Hardware technology companies are already reaping substantial benefits – of those that have changed their models, the average increase in revenue has been 11 percent. They expect further growth in the next five years, with the revenue from software projected to rise from 15-18 percent.

As well as revenue growth, businesses that have moved to software-based selling have seen other benefits. Over eight in 10 have driven diversity in hardware with software features (86 percent), implemented remote feature upgrades (84 percent) and improved customer experience (84 percent). Businesses also report having a more flexible strategy that allows them to adapt to market change (79 percent), better control copy protection (76 percent) and being more competitive (73 percent).

These changes are also having a positive impact on employees. The majority of businesses have retrained their employees (64 percent) and hired new ones (58 percent), with 61 percent also revealing they have or intend to reshuffle employees into different roles.

With businesses starting to see the potential of the IoT, software-based business models are generating commercial benefits. Around nine in 10 respondents believe IoT is driving growth in the industry and that IoT itself is a chance to change their company’s business model (85percent). Enabling automated upgrades (61percent), remote support (57 percent), collecting usage analytics (54 percent) and gathering increased and higher quality customer insights (53 percent) are the main benefits businesses see IoT enabling.

Changing from hardware to a software-based selling model isn’t without challenges. When it comes to practicalities, almost all organisations (96 percent) that have changed, or are changing, have experienced some difficulties in making the transition work.

Looking at the challenges faced in more detail, half of the respondents reported that they needed to hire staff with different skills. Around one in three said solutions evolved organically without a central strategy (36 percent) and managed new sales and operational methodologies with old legacy processes (34 percent), caused challenges in the transition.

Gemalto Senior Vice President, Software Monetisation Shlomo Weiss said: “The results of this survey validate what we see on a daily basis with our customers as we help them make this transition. Companies who adopt software-based revenue models will reap three main benefits: long-term relationships with their customers, predictable revenue streams and a clear competitive advantage. From gaining insight into product usage, to pay-per-use payment structures and on to new market penetration – all the companies we surveyed identified a real need to transform how they do business.”

Consumers will abandon insecure businesses

Posted on December 1, 2017 by - News

sdfgdsfgsdfgsdfgCompanies that suffer from a data breach could lose more than 70 percent of their customers, according to a new survey.

Ok, the survey was carried out by Gemalto which is a security company, but it was based on questions asked to 10,000 consumers.

Just under 70 percent of consumers feel businesses don’t take the security of customer data very seriously.

This is a little ironic because the Gemalto study found that consumers are failing to adequately secure themselves, with over half (56 percent) still using the same password for multiple online accounts.

Even when businesses offer robust security solutions, such as two-factor authentication, two fifths (41 percent) of consumers admit to not using the technology to secure social media accounts, leaving them vulnerable to data breaches.

This may be because the majority of consumers (62 percent) believe the business holding their data is mostly responsible for its security.

This is resulting in businesses being forced to take additional steps to protect consumers and enforce robust security measures, as well as educate them on the benefits of adopting these. Retailers (61 percent), banks (59 percent) and social media sites (58 percent) were found to have a lot of work to do, with these being sectors that consumers would leave if they suffered a breach.

Gemalto Identity and Data Protection CTO Jason Hart said: “Consumers are evidently happy to relinquish the responsibility of protecting their data to business, but are expecting it to be kept secure without any effort on their part.”

“In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start – otherwise, businesses will face not only financial consequences but also potential legal action from consumers.”

Despite their behaviour, consumers’ security concerns are high, as two-thirds worry they will be victims of a data breach shortly.

Consequently, consumers now hold businesses accountable – if their data is stolen, 93 percent of consumers would take or consider taking legal action against the compromised business.

More than half believe that social media sites are one of the biggest threats to their data, with 20 percent fearful of travel sites – worryingly, 9 percent think no sites pose a risk to them.

A third of consumers trust banks the most with their data, despite them being frequent targets and victims of data breaches, with industry certified bodies (12 percent), device manufacturers (11 percent ) and the government (10 percent ) next on the list.

Hart said: “It’s astonishing that consumers are now putting their data at risk, by failing to use these measures, despite growing concerns around their security. It’s resulting in an alarming amount of breaches – 80 percent – being caused by weak or previously stolen credentials. Something has to change soon on both the business and consumer sides, or this is only going to get worse.”

Gemalto launches cloudy security

Posted on November 6, 2017 by - News, Products

Ominous Clouds over Dublin CityDigital security outfit Gemalto has announced the launch of SafeNet Data Protection On Demand, a centralised cloud-based services platform which it claims will help companies to protect data, meet compliance mandates and manage the security of all their sensitive information in every location.

Gemalto executive vice president for Enterprise & Cybersecurity Sebastien Cano said that businesses are challenged by the cost and complexity of protecting data across disparate IT infrastructures and hybrid cloud environments.

SafeNet Data Protection On Demand helps solve these issues by providing a single data security-as-a-service platform that integrates easily with existing IT systems, DevOps tools and cloud services to protect wherever data is created, accessed or stored.

SafeNet Data Protection On Demand makes enterprise-grade data protection accessible to companies of all of sizes – from the smallest to the largest of enterprises. With no hardware and software to buy, configure or manage and simple pay-as-you-go pricing, companies can more cost effectively and quickly deploy data protection to secure sensitive information in any environment on demand.

The big idea is that a client can integrate security across all company IT systems and removes barriers between business and DevOps, expediting go-to-market timelines.

By tying up with Gemalto’s extensive partner ecosystem they can  integrate data security across their multi-cloud applications. The platform is designed to work with many of the most widely used IT products and technology companies such as Amazon Web Services, Dell EMC, Google, IBM, Microsoft, NetApp, Huawei, Oracle and Salesforce. In addition, customers can quickly develop and build secure higher order use cases through proprietary and third-party APIs.

Cano said: “Complexity has always been a pain point for organizations when it comes to deploying encryption and key management, and the growth of cloud computing and the Internet of Things (IoT) will only magnify this challenge.”

 

Gemalto finds bigger breaches on the rise

Posted on September 21, 2017 by - News

hqdefaultSecurity vendor Gemalto claims that more data was stolen in the first half of this year than in the entirety of 2016, but the number of reported European breaches dropped 35 percent.

According to Gemalto research, over 1.9 million data records were nicked compared to just under 1.4 million in all of 2016, representing an increase of 164 percent.

The report said that the numbers of data records pinched will grow significantly, especially as government regulations in the US, Europe and elsewhere enact laws to protect the privacy and data of their constituents by associating a monetary value to improperly securing data.

“Security is no longer a reactive measure but an expectation from companies and consumers”, the report said.

Gemalto’s research found identity theft to be the leading type of data breach, accounting for 74 percent of all breaches in the first six months of this year. The number of records exposed as a result of identity theft jumped 255 percent.

North America maintained its position as the number one attack target, making up over 86 percent of both total breaches and total records stolen.

Gemalto said that North America has always seen the most declared data breaches, but said it expects that to change once the General Data Protection Regulation comes into effect next year.

In the first of half of this year European companies reported 49 data breaches, reflecting just five percent of the global total and a decline of 35 percent on the previous six months, Gemalto said.

IT professionals have outdated view about security

Posted on July 11, 2017 by - News

galleryreconstructiondrawinghadrianswallwalltowncragsj940488Despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016 the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorised users out of their networks. However, companies are under investing in technology that adequately protects their business.

According to the findings of the fourth-annual Data Security Confidence Index released today by Gemalto businesses feel that perimeter security is keeping them safe, with most (94 percent) believing that it is quite effective at keeping unauthorized users out of their network. However, 65 percent are not extremely confident their data would be protected, should their perimeter be breached, a slight decrease on last year (69 percent). Despite this, nearly six in 10 (59 percent) organisations report that they believe all their sensitive data is secure.

Many businesses are continuing to prioritise perimeter security without realising it is largely ineffective against sophisticated cyberattacks. According to the research findings, 76 percent  said their organisation had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers. Despite this investment, two thirds (68 percent) believe that unauthorised users could access their network, rendering their perimeter security ineffective.

These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28 percent) of organizations have suffered perimeter security breaches in the past 12 months. The reality of the situation worsens when considering that, on average, only eight percent of data breached was encrypted.

Businesses’ confidence is further undermined by over half of respondents (55 percent) not knowing where their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (32 percent) or customer (35 percent) data. This means that, should the data be stolen, a hacker would have full access to this information, and can use it for crimes including identify theft, financial fraud or ransomware.

Gemalto’s  , Vice President and Chief Technology Officer for Data Protection Jason Hart said that it is clear that there is a divide between organizations’ perceptions of the effectiveness of perimeter security and the reality.

“By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

With the General Data Protection Regulation (GDPR) becoming enforceable in May 2018, businesses must understand how to comply by properly securing personal data to avoid the risk of administrative fines and reputational damage. However, over half of respondents (53 percent) say they do not believe they will be fully compliant with GDPR by May next year. With less than a year to go, businesses must begin introducing the correct security protocols in their journey to reaching GDPR compliance, including encryption, two-factor authentication and key management strategies.

Hart said, “Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”

 

Gemalto teams up with Enfuce in Nordic alliance

Posted on May 18, 2017 by - News

Screen-Shot-2017-03-11-at-6.59.36-PMDigital security Gemalto has signed a deal with the Finnish-based financial services provider Enfuce.

The idea is to offer enterprises a rapid and cost-efficient deployment of convenient and strong customer authentication using mobile devices.

Enfuce has launched its cloud-based ‘authentication as a service’ solution, designed to make it simple for financial institutions, retailers and fintechs to secure their mobile applications.

It is built on Gemalto’s Mobile Protector Software Development Kit (SDK) and Confirm Authentication Server (CAS).  Users can decide to be authenticated for the transactions using a PIN code, fingerprint or facial recognition,

Using its Mobile Protector SDK, Enfuce’s customers can deploy secured mobile applications in a matter of weeks, helping them to comply with PSD2 banking regulations.

Gemalto Mobile Protector SDK provides Enfuce’s customers with APIs, needed to embed security into their mobile applications, without requiring developers to master security principles.

Initially targeting the Nordics, where it has already been sold, Enfuce plans to extend the service across Europe.

Enfuce CEO for Monika Liikamaa said: “The introduction of this ground-breaking ‘authentication as a service’ solution reflects our commitment to enable profound changes in the payment industry. By combining our extensive knowledge of the financial sector with Gemalto’s authentication capabilities, we can offer a ‘plug and play’ service that leaves clients free to focus on core activities.”

Gemalto gives Mercs smartphone keys

Posted on May 15, 2017 by - News

4550a36b2d1a5bc005e1abbfeafa461cDigital security outfit Gemalto is providing its Trusted Services Hub (TSH) to support Daimler AG’s new smartphone-based ‘digital vehicle key’ for the Mercedes-Benz E-Class range.

The premium car maker’s “innovative solution” gives drivers the freedom to lock/unlock and start their vehicles using their NFC smartphone. Gemalto’s TSH enables seamless and secure over-the-air deployment of the digital keys to any type of phone that supports the solution.

Drivers can lock/unlock their cars by simply placing the smartphone against the door handle. The engine can also be turned on with the phone in the charging tray of the dashboard and pressing the start button. It works even if the phone battery is drained and means you don’t need keys – unless your phone is out of battery, or stolen.

The Secure Element is a tamper resistant hardware platform, capable of securely hosting applications and storing confidential and cryptographic data. It can be found in a SIM provided by a Mobile Network Operator and/or an eSE (embedded Secure Element) built into phone handset by OEMs, the company claims.

The idea is part of the ‘Mercedes me connect’ programme.

Christine Caviglioli, vice president New Mobility Solutions at Gemalto said that digitalisation demands that companies harness their expertise to make friends and influence people with all stakeholders within the connected car ecosystems.

“For Daimler AG, this aim is supported by our solutions, which enable it to offer customers innovative services through their preferred device, without compromising security.”

Gemalto suffers from poor US sales

Posted on March 22, 2017 by - News

USmilitaryOUTSecurity outfit  Gemalto expects its revenue for first quarter to be lower by seven percent to nine percent at constant exchange rates compared to the same period of 2016. This is mainly due to lower than expected Payment business revenue in the United States.

The Gemalto Payment business revenue for the full year 2017 is estimated to be around €100 million lower than its initial expectation. This update primarily reflects a double digit decline in its assumption for the payment cards total available market in the United States due to EMV card inventory levels at its customers in the first semester. This situation also leads to a lower contribution from personalization services.

Looking ahead, taking into account the first quarter trend, Gemalto now expects its 2017 profit from operations outlook to be at a similar level to 2016. Gemalto is currently reviewing its action plan to minimize the impact.

The company will provide further details when it publishes its first quarter revenue on April 28, 2017.

Customers will blame companies for data breaches

Posted on January 17, 2017 by - News

affiche.Blame.51335Customers believe that outfits who hold their data are responsible for any data breaches and will not see themselves as responsible in anyway.

A new report created by digital security outfit Gemalto said that customers put any responsibility for protecting their personal data firmly at the hands of the organizations holding their data – and not themselves.

Of the 9,000 customers surveyed worldwide, 70 percent of the responsibility for protecting and securing customer data lies with companies and only 30 percent of the responsibility with themselves.

Less than a third of customers believe companies are taking protection of their personal data very seriously. This comes as customers are becoming increasingly fearful of their data being stolen, with 58 percent believing it will happen to them in the future. More than 4.8 billion data records have been exposed since 2013 with identity theft being the leading type of data breach accounting for 64 percent of all data breaches.

Despite becoming more aware of the threats posed to them online, only one in ten believe there are no apps or websites out there that pose the greatest risk to them and consumers are not changing behavior as a result:

• 80 per cent use social media, despite 59 percent believing these networks pose a great risk
• 87 per cent use online or mobile banking, with 34 percent believing they leave them vulnerable to cybercriminals
• Consumers are also more likely to shop online during busy commercial periods such as Black Friday and Christmas (2 percent increase online versus -2 per cent decrease in store), despite 21 percent admitting
the threat of cybercrime increases a lot during these periods

Nearly 60 per cent believe they will be a victim of a breach at some point, and organizations need to be prepared for the loss of business such incidents may cause. Most consumers who currently use the following, say they would stop using a retailer (60 per cent), bank (58 percent) or social media site (56 percent) if it suffered a breach, while 66 per cent say they would be unlikely to do business with an organisation that experienced a breach where their financial and sensitive information was stolen.

The lack of consumer confidence could be due to the lack of strong security measures being implemented by businesses. Within online banking, passwords are still the most common authentication methods – used by 84 per cent for online and 82 per cent for mobile banking, and more advanced transaction security the next highest for both. Solutions like two-factor authentication (43 per cent online and 42 per cent mobile) and data encryption (31 percent online and 27 percent mobile) trail behind.

Similar results can be seen in both the retail space, with only 25 percent of respondents that use online retail accounts claiming two-factor authentication is used on all their apps and websites, and in social media, with only 21 percent using the authentication for all platforms. Only 16 per cent of all respondents admitted to having a complete understanding of what data encryption is and does.

Jason Hart, CTO, Data Protection at Gemalto said that customers have clearly made the decision that they are prepared to take risks when it comes to their security, but should anything go wrong they put the blame with the business.

“The modern-day consumer is all about convenience and they expect businesses to provide this, while also keeping their data safe. With the impending threats of consumers taking legal action against companies, an education process is clearly needed to show consumers the steps they are taking to protect their data. Implementing and educating about advanced protocols like two-factor authentication and encryption solutions, should show consumers that the protection of their personal data is being taken very seriously.”

Security breaches are the kiss of death for companies

Posted on December 10, 2015 by - News

wargames-hackerCustomers are walking away from companies who have experienced a data loss due to hacking, according to a new survey.

Data security outfit Gemalto said that more than 64 per cent of consumers surveyed worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen.

Almost half – 49 per cent – had the same opinion when it came to data breaches where personal information was stolen.

Gemalto surveyed 5,750 consumers in Australia, Brazil, France, Germany, Japan, United Kingdom and United States.

It found that 60 percent of consumers thought that threats to their personal information increases during the festive season, and nearly 20 percent believe that they are likely to be a victim of a breach during the holiday season.

Only a quarter of all respondents feel that companies take the protection and security of customer data very seriously. More than twice as many respondents feel that the responsibility of protecting and securing customer data falls on the company (69 percent) versus the customer (31 percent). Of the employed respondents, only around two fifths (38 percent) feel that their employer takes the protection and security of employee data seriously.

A third of respondents have already been affected by data breach in the past. Around 40 percent were though visiting a fraudulent website (42 percent), phishing attacks (40 percent) or clicking a fraudulent web link (37 percent).

The survey found that customers were getting increasingly impatient with breached companies.

Around a quarter who have been a victim of a data breach, either have, or would, consider taking legal action against the breached company involved in exposing their personal information. Almost half of respondents said they would take or would consider taking legal action against any of the parties involved in exposing their personal information.

British and US spooks stole SIM card keys

Posted on February 20, 2015 by - News

james_bond_movie_poster_006Spies from the US and the UK hacked into the internal computer network of the largest manufacturer of SIM cards in the world and stole encryption keys used to protect the privacy of mobile phones.

According to the latest release from the Edward Snowden cache, the hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ.

It all happened in 2010 when GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s mobiles, including both voice and data.

Gemalto, a multinational firm incorporated in the Netherlands, makes chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world.

It makes two billion SIM cards a year and with the stolen encryption keys, intelligence agencies could monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments.

British spies mined the private communications of unwitting engineers and other company employees in multiple countries.

Apparently, Gemalto did not notice and still cannot work out how it was done.

According to one secret GCHQ slide, the British intelligence agency penetrated Gemalto’s internal networks, planting malware on several computers, giving GCHQ access.