Mobile operators are organizations that must manage a large amount of critical information, including legally sensitive subscriber data. A number of assessment projects on the infrastructures of major mobile operators revealed a number of vulnerabilities that, if exploited, may lead to significant business impact. The aim of this paper is to publish these vulnerabilities in order to enhance the security and privacy of mobile operators. A threat model was created, and countermeasures tailored to the specific environment of a mobile operator are proposed according to it.