March 28, 2016 by

Verizon’s Incident Response Division is Breached

Verizon’s B2B unit, Verizon Enterprise Solutions was hit by hackers. The breach saw over 1.5 million customers’ data stolen from a unit of Verizon that provides cybersecurity solutions and consulting to a majority of the Fortune 500 companies.

Verizon Enterprise Solutions, the unit that gets called by many among the Fortune 500 when a data breach occurs is now recovering from its own data breach. The news first broke during reporting by independent cybersecurity researcher Brian Krebs.

The hacker or the hacker outfit gained access to the unit before stealing the data and then offering it up for sale on an underground cybercrime forum, as discovered by Brian Krebs.

A post on KrebsOnSecurity read:

Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.

The entire package was offered on sale for $100,000. Parts of it in clusters of 100,000 contact details was being offered for $10,000 each. Buyers were also given the option to pay for information on vulnerabilities discovered by the hacker on Verizon’s website.

Speaking to the security blogger, the company admitted that it had identified a “security flaw” recently. The flaw had allowed hackers to gain access to customer contact information. The company also revealed that it is reaching out to affected customers to inform them of the breach.

In an emailed statement, Verizon added:

“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”

The data was sold in multiple formats including MongoDB, the database platform. This offers clues confirming the possibility that the attackers may have forced the MongoDB system in order to dump its contents.

Beyond its statement, Verizon has not revealed any further details about the number of customers impacted or how the breach occurred.

Verizon Enterprise is popular for its annual Data Breach Investigations Report, also known as DBIR in the industry.

Image credit: Wikimedia.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Expedia’s Orbitz: 880,000 Payment Cards Struck by Data Breach

Orbitz, a subsidiary of online travel giant Expedia has revealed a data breach wherein hackers may...

Read more arrow_forward

Data Breach: Florida Warns of 30,000 Medical Records Leak Due to Phishing

Florida’s health agency has warned of a data breach that may have exposed the data of up to 30,000...

Read more arrow_forward

India’s National ID Database of 1.2 Billion People Breached for $8

An Indian news publication has reported that the government’s biggest citizen database, a register...

Read more arrow_forward