Third-Party Contractor Exposes Verizon Customer Data

Third-Party Contractor Exposes Verizon Customer Data

Third-Party Contractor Exposes Verizon Customer Data

Customer data belonging to over 14 million Verizon subscribers was left unprotected due to the oversight of a Nice Systems employee who had incorrectly allowed external access to the AWS storage which held the Verizon customer data.

Verizon confirmed that a recent security incident exposed the personal identification numbers and other private information pertaining to millions of telecom customers.

The customer records include a customer's name, cell phone number, and their account pin, which could be used to grant access to a subscriber's account, according to a report by ZDNet.

U.S. telecommunications giant Verizon has confirmed that the details of six million customers were exposed online by a third-party vendor, less than 24 hours after cybersecurity firm UpGuard published the claim that the scope of the incident was much larger. The temporarily compromised data was tied to NICE Systems, a company in Israel that was assisting Verizon with customer support calls. This has led to the leak of nearly six million Verizon user's data.

NICE Systems is the known company that offers a wide range of solutions including telephone voice recording, data security, and surveillance.

That was a sentiment not likely to be shared by those who had their names, addresses and account data exposed online.

Have you called Verizon customer service in 2017?

The leak was initially discovered by Chris Vickery, director of cyber risk research at security firm UpGuard, who found the data in late June. While Verizon says no damage has been done, you may want to change your pin. The folders contained daily logs of customer service calls broken down by geographical region in relation to Verizon data center locations. Some PIN numbers were hidden but others were exposed. UpGuard informed Verizon of the security risk on June 13, but it wasn't fixed until June 22. A threat actor could use a customer's PIN to either hijack the phone account directly or interfere with two-factor authorization methods by changing account settings to redirect information.

Verizon said in an official statement that the "overwhelming majority of information in the data set has no external value".

Verizon has said it was carrying out an investigation into this issue as part of an ongoing company project to enhance its customer service.

Related news