Verizon Mistakenly Leaks 6 Million Customer Records, Blames Human Error
Jul 14 2017
USA telecommunications giant Verizon has confirmed that the details of six million customers were exposed online by a third-party vendor, less than 24 hours after cybersecurity firm UpGuard published the claim that the scope of the incident was much larger.
Whether or not this was done on objective remains to be seen as a spokesperson for Verizon says that they are investigating the matter. The company also stressed that no loss or theft of Verizon or Verizon customer data was reported. The cloud server was owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon.
UpGuard, the company that discovered the problem, said that exposed text files were from calls made between January 1 and June 22 of this year.
Because of the nature of the cloud repository, Upguard was unable to tell how many times the data may have been found by others before it was discovered by the security firm. Verizon has disputed this number; according to a company spokesperson there were 6 million records in the data.
Verizon confirmed the security hole on Wednesday. The situation was traced back to NICE Systems, a company based in Israel that Verizon had collaborated with for customer service calls.
Gartner analyst Avivah Litan said the issue comes down to human error and it doesn't make sense to blame cloud service providers like Amazon and Google. The data, at least according to Verizon, is not extremely sensitive, but does include some personal information, like phone numbers and authentication PINs used to contact call centers.
The data included customers' names, addresses, account details and their Verizon personal identification number. Vickery discovered the breach on June 8; the data was secured by June 22. Sophisticated state actors, looking for, say, information on government workers, were of particular concern, he added.
This latest data breach follows in the wake of similar incidents where information has been left exposed in a misconfigured manner by third-party vendors. What's worse is the potential financial impact that this data breach might entail. Some people can use them to gain access to the person's phone service. "The fact that no data may have been downloaded doesn't minimize the risk of instances such as this", said John Gunn, chief marketing office for VASCO Data Security.