CHINA TOPIX

05/03/2024 08:37:50 pm


Dutch SIM Card Maker Confirms Hack by NSA and GCHQ

SIM misery

(Photo : The Intercept) NSA slide reporting Gemalto was hacked

Gemalto, the Dutch company that is the largest maker of SIMs in the world, confirmed the U.S. National Security Agency (NSA) and the U.K.'s Government Communications Headquarters (GCHQ) had indeed broken into its computer systems.

Gemalto, however, denied the more damaging claim reported in media last week that NSA and GCHQ had stolen the encryption keys to billions of SIMs (subscriber identity modules) used in mobile phones around the world. It produces two billion SIM cards a year.


Gemalto said it had carried out a "thorough investigation" following the claims first made by the online magazine The Intercept, based on documents leaked by ex-NSA whistleblower Edward Snowden.

"The investigation into the intrusion methods described in the document and the sophisticated attacks that Gemalto detected in 2010 and 2011 give us reasonable grounds to believe that an operation by NSA and GCHQ probably happened," the company said in a statement.

It highlighted two "particularly sophisticated intrusions" it said the spy agencies were responsible for.

The first involved a breach of one of its French offices where hackers attempted to spy on internal messages between Gemalto employees and external messages to other persons.

The second used fake emails sent to one of its customers appearing to come from a Gemalto address. These had an attachment that triggered a malware download.

"At the time we were unable to identify the perpetrators but we now think that they could be related to the NSA and GCHQ operation," Gemalto noted.

"These intrusions only affected the outer parts of our networks -- our office networks -- which are in contact with the outside world."

Gemalto emphasized the SIM encryption keys and other customer data in general are not stored on these networks. The company said no breaches were found in parts of its system used to manage other products, including the encryption security for banking cards, ID cards and electronic passports.

"It is important to understand that our network architecture is designed like a cross between an onion and an orange; it has multiple layers and segments which help to cluster and isolate data."

This claim by Gemalto, however, contradicted a slide published by The Intercept that showed the encryption keys had been stolen. In this slide, government agents report they had "successfully implanted" code in several of Gemalto's machines, compromising its "entire network".

Each SIM has a unique encryption key that protects the mobile phone communications of millions of customers worldwide. An encryption key is installed in each SIM, and a copy of the key is automatically sent to the provider so its network can recognize an individual's phone.
