July 12, 2017 by

14 Million Verizon Customers’ Records Leaked due to Security Lapse

The personal details of some 14 million Verizon customers were left exposed on a cloud-based online server without adequate password protection, researchers have learned.

A researcher from cybersecurity firm UpGuard has discovered a cloud-based database with terabytes of internal files without any adequate protection. The data was open, left to be downloaded by anyone who accessed the easily-guessed web address.

The unprotected Amazon S3 storage server was maintained by a third-party vendor called Nice Systems, an Israel-based big data analytics company that has previously been accused of selling surveillance tools to governments.

UpGuard researcher Chris Vickery privately told Verizon of the data leak after discovering it in late-June. It was over a week before the data was secured.

The customer records were embedded in log files generated when Verizon customers used the telecom giant’s customer service in the last six months. Each record includes a customer’s name, a cell phone number and their account PIN, ZDNet cited an anonymous Verizon call center representative as saying. Verizon has over 108 million post-paid wireless customers.

From January through June, six folders from each month contained several daily log files, recording customer calls from various US regions based on the location of the company’s datacenters. Each record also included hundreds of fields of additional data such as a customer’s home and email addresses, current account balances and more.

“In short, NICE Systems is a trusted Verizon partner, but one that few Americans may realize has any access to their data. Such third-party vendors are entrusted every day with the sensitive personal information of consumers unaware of these arrangements,” wrote UpGuard in a blog. “There is no difference between cyber risk for an enterprise and cyber risk for a third-party vendor of that enterprise. Any breaches of data on the vendor’s side will affect customers as badly and cost the business stakeholders as dearly as if it had been leaked by the enterprise.”

Image credit: Flickr.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Massive Data Breaches Cost Yahoo $350 Million in Sale to Verizon

Yahoo’s sale of its core business to Verizon for what was originally a $4.85 billion deal now sees...

Read more arrow_forward

Verizon’s Incident Response Division is Breached

Verizon’s B2B unit, Verizon Enterprise Solutions was hit by hackers. The breach saw over 1.5...

Read more arrow_forward