Verizon data breach leaks millions in customers’ records
Millions of customer files have been leaked onto a public cloud, leaving Verizon customers exposed
A security lapse has led to the exposure of data from millions of Verizon customers.
According to ZDNet, NICE Systems,an Israeli technology company is the source of the leak and as many as 14 million records of subscribers who phoned Verizon’s customer services over the past six months were found on an Amazon S3 storage server. The company was working with Verizon to facilitate customer calls and the server was controlled by an employee of NICE Systems.
The breach was discovered by Chris Vickery, a researcher at cyber security firm UpGuard who’ve said that the cause was a misconfigured security setting on a cloud server due to “human error”, NICE Systems reportedly made a security setting public instead of private.
In a comment to GTB, NICE Systems clarified in saying : “[it was] A human error that is not related to any of our products or our production environments nor their level of security, but rather to an isolated staging area with limited information for a specific project, allowed a customer’s data to be made public for a limited period of time.”
Information such as names, addresses, ID numbers/PINs are reportedly included in the security breach and Verizon were alerted to the leak on June 13 by June 22 the security hole was plugged.
A spokesperson for Verizon said to ZDNet: "Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project. Unfortunately, the vendor's employee incorrectly set their AWS storage to allow external access."
They went to say that the "overwhelming majority of information in the data set has no external value."
"There is some personal information in the data set," said the spokesperson, "but as indicated earlier, there is no indication that the information has been compromised."
The news comes months after Verizon released its security report indicating that organised criminals have increased their use of ransomware and that data breaches are up warranting a review of company security measures.