Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 13 MINUTES AGO.
You are here: Home / Network Security / Verizon Customer Data Exposed
Cloud Leak: Verizon Customer Data Exposed by Vendor
Cloud Leak: Verizon Customer Data Exposed by Vendor
By Jill Leovy Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JULY
13
2017
Names, phone numbers and other information of millions of customers of Verizon were made available on a publicly accessible storage area owned by one of the company's vendors, according an enterprise security software company that discovered the exposed data.

The data repository "was totally publicly accessible, anyone entering a URL in a browser would have been able to access it," said Dan O'Sullivan, cyber-resilience analyst with UpGuard, the Mountain View, Calif. company that found the data.

Exposed were text files logging calls made to Verizon call centers between Jan. 1, 2017 and June 22, O'Sullivan said. In most cases, the logs included the names, phone numbers and addresses of Verizon subscribers. In some cases, account pin numbers used to verify callers' identities were also exposed, O'Sullivan said.

The storage area belonged to Nice Systems, a Verizon vendor which does business related to call-center management. UpGuard informed Verizon of its findings on June 13, O'Sullivan said. A week later, access was shut off.

After the technology news website ZD Net published a story about the episode Wednesday, Verizon issued a press release apologizing to its customers.

The phone giant confirmed that its customers' information -- including their cell phone numbers and pins in some cases -- had been incorrectly placed in an insecure cloud storage area.

None of the exposed information had been lost or stolen, the company said.

Verizon spokesman David Samberg said that 6 million unique customer accounts were exposed -- a smaller number than the 14 million estimated by UpGuard. Verizon was still investigating the problem when the story broke, he said.

Verizon said a "limited amount of personal information" had been left open to external access, as well as additional information that "had no external value."

The episode prompted U.S. Rep. Ted Lieu (D-Torrance) to request a Judiciary Committee hearing, said Lieu's chief of staff Marc Cevasco.

Lieu, a Verizon customer, is concerned about possible misuse of the data. "If anyone had that information they could go online and have access to your acct, and your call log, etc.," he said.

Also, "most people use their pin for more than one thing," he said, so exposed pins might put people at risk of identity theft.

Cevasco also said that Lieu was not convinced by Verizon's assertions that they had access to reports of all the people who might have viewed the data.

"A good hacker would know how to circumvent stuff like that," he said. Sophisticated state actors, looking for, say, information on government workers, were of particular concern, he added.

Lieu's letter to Judiciary Chairman Robert Goodlatte (R-Va.) states that the data reportedly contained information on U.S. intelligence officials. He called it "the latest in a series of disturbing data breaches."

Nice Systems, headquarted in Ra'anana, Israel, released a statement that called the problem "human error" involving and "isolated staging area with limited information."

O'Sullivan said the exposure underscores the rapidly increasing risks of data breaches. "This is a really remarkable incidence of third party vendor risk," he said. "A customer knows they are giving their information to Verizon, but they are probably not aware that information is going to be shared with third party vendors."

© 2017 Los Angeles Times under contract with NewsEdge/Acquire Media. All rights reserved.
Tell Us What You Think
Comment:

Name:

Randy:
Posted: 2017-07-14 @ 5:51am PT
@jay h: Good point. Name, address, and phone number have always been freely available. Not so much though for email addresses, passwords, and credit card info.

jay h:
Posted: 2017-07-14 @ 5:45am PT
Interesting. When I was younger, virtually every phone company customer's name, phone number and address was in a big book that they gave away for free....

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.