The risk has been known for several years now, but it was believed to be low.
Many other similar risks exist in technology today. But the risk landscape is a rapidly changing one. What was perceived as a low risk a few years ago may not be so low today.
Therefore it's important to regularly review how the risk, or the company's risk appetite, has changed, and to implement changes before an incident occurs.
According to reports by German newspaper Süddeutsche Zeitung, the telco said that some of its customers had money taken out of their bank accounts in a two-part attack that exploits vulnerabilities in the Signalling System 7 (SS7) protocol. This is a protocol that allows telecoms companies to send text messages from one network to another. It also allows users to make phone calls while travelling. The security hole has been known to telcos for years. Hackers used SS7 to redirect the text messages that banks use to send one-time passwords to customers. Instead of being delivered to the bank account holder's phone, the texts were diverted to phone numbers under the control of the hackers. These hackers then used the mTANs (short for "mobile transaction authentication numbers") to take money out of victims' accounts.