Mobile security firm Gemalto is investigating a media report that US and UK security services hacked its internal network and stole encryption keys for SIM cards.

A report in The Intercept said the keys, which protect mobile users’ privacy, were stolen by the National Security Agency (NSA) and the Government Communications Headquarters (GCHQ).

Gemalto, which is the largest SIM manufacturer in the world, said in a statement: “We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation.”

Obtaining the keys would mean the NSA and GCHQ could monitor mobile communications without gaining permission from operators or foreign governments.

The report was based on documents supplied by whistleblower Edward Snowden and come from a secret 2010 GCHQ document.

The vendor revealed it has been the subject of attacks previously. Over the years it has “detected, logged and mitigated many types of attempts,” it said.  However, so far it can’t prove a link between those previous incidents and yesterday’s report, it concludes.

“We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such sophisticated techniques.“

The company said it was not the target of the attack, per se, which was an attempt by the spies to reach as many phones as possible. Other SIM vendors might also have been hacked, according to the vendor.

Gemalto produces about 2 billion SIMs a year, said the report.