July 13, 2017
Six million Verizon customers have had their account information exposed online due to a security screw-up by a company partner.
Verizon, which confirmed the leaked data to CNN, said the breach was the result of “human error.”
Israel-based Nice Systems, which handles customer service calls for Verizon, messed up a security setting on a cloud server, making the Verizon data stored on it available to anyone with the public link.
The leaked records included customers’ names, mobile numbers, account PINs, addresses and e-mail addresses, not to mention their Verizon account balances. No loss or theft of customer information has been tied to the breach, according to the CNN report.
Researcher Chris Vickery from UpGuard, the online security firm that discovered the breach, told CNN the exposed data had been collected over the last six months.
The security issue was first discovered June 13. Initially, UpGuard’s Cyber Risk Team thought the error had affected as many as 14 million accounts. Verizon later confirmed six million clients had been impacted.
“This exposure is a potent example of the risks of third-party vendors handling sensitive data. The long duration of time between the initial June 13 notification to Verizon by UpGuard of this data exposure, and the ultimate closure of the breach on June 22, is troubling,” reads an UpGuard blog post.
“Third-party vendor risk is business risk; sharing access to sensitive business data does not offload this risk, but merely extends it to the contracted partner, enabling cloud leaks to stretch across several continents and involve multiple enterprises.”
Jennifer Cowan is the Managing Editor for SiteProNews.