By Amir Mizroch in London And Maarten van Tartwijk in Amsterdam 

European government officials, telecom executives and shareholders rushed Friday to respond to a report that U.S. and British intelligence agencies breached security systems at Gemalto NV, one of the world's biggest cellphone SIM-card providers.

The alleged hack, reported by a news site that has been a conduit of leaks from former National Security Agency contractor Edward Snowden, raised fresh questions in Europe about whether Western governments have attempted to tap into private companies to gain access to personal-communication data, potentially circumventing legal procedures and privacy safeguards.

Earlier reports citing leaked documents from Mr. Snowden have alleged U.S. and British spies have attempted to secretly tap into tech and telecommunications companies, including Google Inc. But the new report--published Thursday by the Intercept, a news site set up by American journalist Glenn Greenwald, a primary conduit for Snowden leaks--did more than raise questions about privacy concerns. It also hit shareholders hard.

Gemalto ships SIM cards to some of the world's biggest telecommunications carriers, including Verizon Communications Inc., Vodafone Group PLC and China Mobile Ltd. Industry analysts raised the prospect of financial repercussions for the company should the report stir broader worry about whether the SIM cards it provides were vulnerable to snooping.

Shares in Gemalto, based in France and the Netherlands, ended trading down almost 4%, recovering somewhat from a nearly 10% drop earlier in the day. Friday's selling wiped out about EUR230 million ($262 million) from the stock-market value of the company.

Gemalto said it was investigating the report. "We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation," Gemalto said in a written statement. "We take this publication very seriously and will devote all our resources necessary to fully investigate and understand the scope of such sophisticated techniques."

The report triggered angry reaction from some European politicians, who have ratcheted up scrutiny of U.S. technology firms, as well as U.S. and British intelligence practices, amid previous Snowden leaks.

Jan Philipp Albrecht, chief negotiator for the European Parliament for the European Union's proposed new data protection law, urged the Dutch government to open an investigation. A spokeswoman for the Dutch interior ministry declined to comment about any probe.

Meanwhile, some of Europe's biggest telecom providers hurried to determine any vulnerability to customers. Managers and technicians at Deutsche Telekom AG, which uses Gemalto SIM cards, gathered Friday to assess possible collateral damage from the alleged hack, according to a spokesman.

Deutsche Telekom called for Gemalto to provide a full accounting of what it knows about any alleged security breach. In a statement, the German company said it tweaks the standard encryption algorithm embedded in Gemalto SIM cards, a practice it said should protect Deutsche Telekom customers from any privacy breach.

"We currently have no knowledge that this additional protection mechanism has been compromised," Deutsche Telekom said in a statement. "However, we cannot rule out this completely," the company said.

Bouygues Telecom, a mobile telephone operator in France and another Gemalto customer, said it had contacted Gemalto for information about the possible hack. "We take the issue very seriously," a spokeswoman said.

China Mobile, the world's biggest telecom provider by subscribers, wasn't reachable for comment. No. 2 provider Vodafone said "we have no further details of these allegations which are industrywide in nature and are not focused on any one mobile operator. We will support industry bodies and Gemalto in their investigations."

The Intercept report alleges that the U.S. National Security Agency and the U.K.'s Government Communications Headquarters, or GCHQ, attempted in 2010 to steal Gemalto encryption keys. It cites GCHQ documents describing a joint GCHQ-NSA team called the Mobile Handset Exploitation Team. It alleges British and American spies monitored and mined the private email and Facebook communications of engineers and other Gemalto employees around the world, to identify employees working on encryption and SIM products.

According to documents leaked to the Intercept, government hackers said they had gained access to "core mobile networks" by penetrating Gemalto's computer systems and intercepting encryption keys the company implants into the SIM cards it ships to customers.

GCHQ, in a statement, said it doesn't comment on intelligence matters. But it said all of its work "is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorized, necessary and proportionate" and that it is subject to "rigorous oversight" by the government and parliament. "All our operational processes rigorously support this position. In addition, the U.K.'s interception regime is entirely compatible with the European Convention on Human Rights," GCHQ said.

A representative for the NSA couldn't be reached for comment. The U.S. embassy in the Netherlands didn't return a call for comment.

Gemalto develops and installs security and identification software in a line of products, including SIM cards, which go into cellphones, payment cards and electronic identification documents. SIM cards in phones are embedded with an encryption key--a mathematical code that conducts a "digital handshake" with a mobile carrier's network, which has the corresponding encryption key for that specific SIM card. Once that digital identification process is completed, the call or data transfer is encrypted and can proceed in both directions.

Obtaining SIM-card security keys could help an intelligence agency intercept and decrypt over-the-air cellular transmissions from any phone whose key had been stolen, a former European intelligence official said. That could ease short-range interception of newer phones that use a more sophisticated type of SIM-card-based encryption, the former intelligence official said.

U.S. carriers are still getting their heads around the issue. Sprint Corp. and Verizon didn't use SIM cards in their phones at all until after 2011 when they transitioned to new technology. Even with SIM-card keys, it would still be difficult to decrypt communications, said a person familiar with the matter.

If Gemalto finds evidence of a security breach, it could trigger calls for the company and its customers to recall its chips, some analysts said. According to its website, Gemalto has 450 mobile-network operators as customers. It recorded EUR2.4 billion ($2.72 billion) in revenue in 2013.

"Gemalto could be forced to replace a large number of SIM cards, which could be a costly exercise," analysts at Dutch lender Rabobank wrote Friday in a research note. "Gemalto has a lot to lose here."

The SIM-card manufacturing industry is dominated by a handful of European firms, including Gemalto and privately held Oberthur Technologies of France and Germany's Giesecke & Devrient GmbH.

Oberthur declined to comment. Giesecke & Devrient said it had no indication it was subjected to anything similar to the incident at Gemalto.

Write to Amir Mizroch at amir.mizroch@wsj.com and Lisa Fleisher at lisa.fleisher@wsj.com

Access Investor Kit for Deutsche Telekom AG

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=DE0005557508

Access Investor Kit for Vodafone Group Plc

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=GB00BH4HKS39

Access Investor Kit for China Mobile Ltd.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=HK0941009539

Access Investor Kit for Gemalto NV

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=NL0000400653

Access Investor Kit for China Mobile Ltd.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US16941M1099

Access Investor Kit for Deutsche Telekom AG

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US2515661054

Access Investor Kit for Gemalto NV

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US36863N2080

Access Investor Kit for Verizon Communications, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US92343V1044

Access Investor Kit for Vodafone Group Plc

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US92857W3088

Subscribe to WSJ: http://online.wsj.com?mod=djnwires

China Mobile (NYSE:CHL)
Historical Stock Chart
From Feb 2024 to Mar 2024 Click Here for more China Mobile Charts.
China Mobile (NYSE:CHL)
Historical Stock Chart
From Mar 2023 to Mar 2024 Click Here for more China Mobile Charts.