Third-Party Contractor Exposes Verizon Customer Data

Verizon security error leaves millions of customer records exposed

A third-party vendor for United States telecommunications carrier Verizon exposed the data of around 6 million customers on Wednesday, July 12.

NICE Systems technology is used in Verizon's back-office and call center operations. However, it was not until June 22 - more than a week later - that Verizon and NICE managed to close the breach.

In the RNC leak, UpGuard found an online repository of voter information left unsecured on Amazon Web Services' servers.

Verizon, which you might remember from sending you cellphone bills or from being sued by the city of NY for failing to install citywide FIOS cable by the end of 2014, is in hot water after millions of customer records were exposed by a third party vendor the telecom giant worked with. Verizon has disputed this number; according to a company spokesperson there were 6 million records in the data. The operator added that the number of subscriber accounts reported by ZDnet was overstated, and the actual number was around 6 million unique customers.

Verizon confirmed the security hole on Wednesday. UpGuard alerted Verizon of the setting on June 13.

Customer data, including phone numbers and PIN identifiers, were made vulnerable after a cyber attack on Verizon's cloud storage systems, according to CNN. There was six months worth of customer data that was exposed, though there is no indication that payment information was ever at risk-just names, numbers, and PIN codes used the confirm a customer's identity when calling in for support.

Verizon uses cloud services provided by Amazon in order to store their troves of customer information and data.

"This human error is not related to any of our products or our production environments nor their level of security, but rather to an isolated staging area with limited information for a specific project", it said.

"When an attacker has enough information about their target - gathered either through social engineering or from data breaches- they will contact the phone carrier and have the phone SIM card swapped to a new device". This could have then further given the attackers access to online services that were protected by SMS-based two-factor authentication. Hopefully nothing bad comes from this data exposure, but it sure would be nice if we could stop worrying these things after a leak or breach has already taken place.

Related:

Comments

Latest news

Here are Juno's first close-ups of Jupiter's Great Red Spot
It will take weeks, even months, for the science data to come out, and scientists will likely study this flyby for years to come. NASA's Juno mission completed a close flyby of Jupiter and its Great Red Spot on July 10, during its sixth science orbit.

Oil rises 2.5 percent after surprisingly large United States crude stock draw
This fate looks shaky as USA shale producers are already pulling back and reports of investment capital for shale is drying up. The stability recorded in the production of oil in Nigeria has also increased employment for the second month in a row.

Microsoft's new iPhone app helps the blind see
According to The Verge , the app operates using neural networks - a computer system modeled on the human brain and nervous system. The app relies on the iPhone camera, backed by Microsoft's machine learning and image recognition algorithms.

Squirrel Girl Officially Cast For Marvel's New Warriors
It's one of the stranger characters within the comic-book universe, but it's also one that has a dedicated following. Derek Theler , who just finished six years on the Freeform sitcom Baby Daddy , will star as Craig Hollis, aka Mr.

Other news