Syniverse, a company that manages SMS routing for major US carriers, has disclosed that attackers had access to its databases for five years. In a filing with the US Securities and Exchange Commission (SEC), Syniverse wrote that “in May 2021, [they] became aware of unauthorized access to [their] operational and information technology systems by an unknown individual or organization.” An investigation revealed that the unauthorized access began in 2016.
Ref: https://www.sec.gov/Archives/edgar/data/1839175/000119312521284329/d234831dprem14a.htm