Security lapse exposes millions of Verizon user records
MANILA, Philippines – A third-party vendor for US telecommunications carrier Verizon exposed the data of around 6 million customers on Wednesday, July 12.
The records were of subscribers who called the customer services of Verizon in the past 6 months.
According to security firm Upguard, the data was found in an unprotected Amazon S3 storage server administered by an engineer for NICE Systems, which is based in Israel. Upguard added the storage server was created to log customer call data for unknown purposes.
Verizon confirmed through CNN that the personal data of 6 million customers was leaked online. Upguard earlier said up to as many as 14 million people were affected.
NICE Systems technology is used in Verizon's back-office and call center operations.
The exposed data includes names, addresses, and account information along with Verizon account PIN codes used to verify customer identities alongside their given phone numbers.
Because of the nature of the cloud repository, Upguard was unable to tell how many times the data may have been found by others before it was discovered by the security firm.
Chris Vickery, a researcher with Upguard, sent Verizon an alert regarding the leak on June 13. The security lapse, however, was only closed around June 22.
Upguard added in its assessment of the breach: "This exposure is a potent example of the risks of third-party vendors handling sensitive data. The long duration of time between the initial June 13th notification to Verizon by UpGuard of this data exposure, and the ultimate closure of the breach on June 22nd, is troubling."
"Third-party vendor risk is business risk; sharing access to sensitive business data does not offload this risk, but merely extends it to the contracted partner, enabling cloud leaks to stretch across several continents and involve multiple enterprises," it added. – Rappler.com