Bermuda’s biggest cell phone operator uses SIM cards sourced from a Dutch supplier targeted by UK and US spy agencies, it was revealed yesterday.

But Digicel Bermuda said that it had been assured by Gemalto, one of the biggest suppliers of SIM cards worldwide, that its network “to date” was safe from attacks carried out by the UK’s Government Communications HQ (GCHQ) and the US National Security Agency (NSA).

A spokeswoman for Digicel said: “We can confirm that Gemalto is one of a number of SIM card suppliers to Digicel.

“Gemalto was chosen by Digicel based on our commitment to delivering the highest standards of service and security to our customers who are at the heart of everything we do.

The spokeswoman said that Gemalto supplies SIMs to more than 450 telecom operators worldwide and its SIM cards are certified by industry body GMSA.

She added: “This certification validates that Gemalto’s SIM card production and personalisation processes, as well as its entire site operations, meet the GSM Association’s stringent standards for security and data protection.

“Furthermore, representations made by Gemalto to Digicel to date show that we are not impacted by the alleged activities.”

The firm spoke out a week after The Royal Gazette first asked a series of questions relating to the hacking, unveiled in documents leaked by former NSA contractor Edward Snowden.

The leaked documents showed that GCHQ had broken into Gemalto’s computer network to steal encryption keys for voice, messaging and data traffic.

The cards include personal information, including customer phone numbers, billing information, contacts and text messages and are supposed to be protected by encryption keys to thwart hacking attempts.

But, according to website The Intercept, the two security agencies targeted Gemalto in 2010 to mount monitor wireless communications and bypass the need to gain permission for wiretapping.

The acquisition of encryption keys would also allow UK and US spy agencies to unlock communications they had previously intercepted but had been unable to unlock, according to The Intercept.

The website said that GCHQ had planted malware on several of Gemalto’s computers and obtained access to communications between employees of the firm to help them hack into their systems.

GCHQ — as is standard — refused to comment on security matters.

A statement from Gemalto said that it had detected “sophisticated attacks” in 2010-11 which gave it “reasonable grounds to believe that an operation by NSA and GCHQ probably happened.”

But the firm insisted that an attack on its office networks could not have resulted in “a massive theft of SIM encryption keys.”

It added: “By 2010, Gemalto had already widely deployed a secure transfer system with its customers and only rare exceptions to this scheme could have led to theft.”

Gemalto said that, if encryption keys had been stolen, intelligence services could only have spied on second generation (2G) networks because 3G and 4G networks are not vulnerable to this kind of attack.

Gemalto added that the leaked documents attacks were targeted at mobile operators in Afghanistan, Yemen, India, Serbia, Iran, Iceland, Somalia, Pakistan and Tajikstan — and that newer generation systems with secure data transmission were safe.

The firm added: “Nevertheless, we are conscious that the most eminent state agencies, especially when they work together, have resources and legal support that go far beyond that of typical hackers and criminal organisations.

“And we are concerned that they could be involved in such indiscriminate operations against private companies with no grounds for suspicion.”

CellOne said last Thursday that they did not use cards from Gemalto and they were unaffected by the spying concerns.