Verizon Says Data Breach Exposure Limited

Posted July 14, 2017

What happened was that a cloud server operated by Nice Systems was misconfigured, exposing personal data of millions of Verizon customers.

It's not easy for businesses to protect their customers' data these days, particularly when they share it with their partners.

Nevetheless, the data exposure, discovered by US-headquartered firm UpGuard and first reported by ZDNet, remains a huge amount of records.

NICE Systems is the known company that offers a wide range of solutions including telephone voice recording, data security, and surveillance.

Because of the nature of the cloud repository, Upguard was unable to tell how many times the data may have been found by others before it was discovered by the security firm. Verizon said it regrets the incident and apologized to customers.

The hack, or really more so the door that was left wide open for anybody to see allowed interested parties to see customer names, phone numbers, and in some instances PIN numbers for their Verizon accounts.

If you listen to cloud vendors talk about cloud security, you'll nearly always hear them say something along the lines of "cloud security is a two-way street". According to ZDNet, NICE security measures were not set up properly because it made a security setting public on an Amazon S3 storage server, instead of making it private. The company, which said an "overwhelming majority of information in the data set had no external value", asserted that nobody malicious has had access to the information.

In a statement to IBTimes UK, a Nice Systems said: "Reports erroneously confuse a human error at a project with inaccurate past reports related exclusively to a business that Nice divested several years ago and no longer has anything to do with our business".

Vickery notified Verizon of the exposed database on June 13, the UpGuard report states, but the database was not fully secured until June 22. There was six months worth of customer data that was exposed, though there is no indication that payment information was ever at risk-just names, numbers, and PIN codes used the confirm a customer's identity when calling in for support.

Are you a Verizon Customer and think that your information has been exposed?

However, UpGuard said this exposure is a potent example of the risks of third-party suppliers handling sensitive data.

But much of the damage has already been done, and the worst part is that nobody knows who managed to get their hands on the data before the breach was closed.

With free access to the account, an attacker could make whatever changes to service that they want, theoretically adding lines or specific features.