Private Data Of 6 Million Verizon Customers Exposed The records of up to 6 million Verizon customers have been exposed to potential theft and abuse after they were left openly accessible on the internet. According to security analyst Chris Vickery (hat tip to ZDNet), the data was left unprotected on an Amazon S3 storage server controlled by an employee of Nice Systems, a Ra'anana, Israel-based company. Nice helped Verizon store, collect and analyze customer records for every customer service engagement consumers had with the carrier.

But Vickery (an employee of security firm Upguard) notes that Nice collected and stored this data for an "unknown purpose," including account phone numbers and the Verizon account PIN codes used to verify customers. "This exposure is a potent example of the risks of third-party vendors handling sensitive data," Vickery notes. "The long duration of time between the initial June 13th notification to Verizon by UpGuard of this data exposure, and the ultimate closure of the breach on June 22nd, is troubling." "Third-party vendor risk is business risk; sharing access to sensitive business data does not offload this risk, but merely extends it to the contracted partner, enabling cloud leaks to stretch across several continents and involve multiple enterprises," he adds. The breach is particularly notable given that Verizon just lobbied furiously to kill FCC broadband customer privacy protections that would have taken effect in March. In addition to requiring transparency about how customer data is used and stored, it required that customers opt in to having sensitive data shared. The rules also would have created baseline standards for how this data is stored, requiring customers be notified in the case of breaches. If you're a Verizon Wireless customer you'll perhaps notice that you've yet to hear from Verizon about this latest breach despite the fact it happened more than a month ago. Verizon had insisted that it should be allowed to self-regulate in terms of privacy. But the new rules were proposed after Verizon had previously come under fire for covertly modifying user packets to track them around the internet without their permission. "Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project," the company tells ZDNet. "Unfortunately, the vendor's employee incorrectly set their AWS storage to allow external access." The company also tried to tell the website that the "overwhelming majority of information in the data set has no external value." Upguard's full analysis of Verizon's latest data breach is available here. Updated: The original security analysis estimated the impact of the breach at 14 million subscribers. Verizon has since corrected those estimates, stating "only" 6 million subscribers had their data exposed. : The original security analysis estimated the impact of the breach at 14 million subscribers. Verizon has since corrected those estimates, stating "only" 6 million subscribers had their data exposed.







News Jump California Defends Its Net Neutrality Law; AT&T's Traffic Up 20% Despite Data Traffic Actually Being Down; + more news Are The Comcast-Charter X1 Talks Dead In The Water?; AT&T May Offer Phone Plans With Ads For Discounts; + more news Europe's Top Court: Net Neutrality Rules Bar Zero Rating; ViacomCBS To Rebrand CBS All Access As Paramount+; + more news Verizon To Buy Reseller TracFone For $7B; 5G Not The Competitive Threat To Cable Many Thought It Would Be; + more news MS.Wants Records From AT&T On $300M Project; Google Fiber Outages In Austin, Houston, Other Texan Cities; + more news States With The Biggest Decreases In Speed; AT&T Hopes You'll Forget Its Fight Against Accurate Maps; + more news AT&T's CEO Has A Familiar $olution To US Broadband Woes; EarthLink Files Suit Against Charter; + more news 5G Doesn't Live Up To Hype, AT&T's 5G Slower Than Its 4G; Cord-Cutting Now In 37% of Broadband Households; + more news FCC Cited False Broadband Data Despite Warnings; ZTE, Huawei Replacement Cost Is $1.87B, But Only $1B Allocated; + more Cogeco Rejects Altice USA's Atlantic Broadband Bid; AT&T Is Astroturfing The FCC In Support Of Trump Attack; + more news ---------------------- this week last week most discussed

Most recommended from 28 comments

Quattrohead

Premium Member

join:2005-02-09 25 recommendations Quattrohead Premium Member Verizon and Yahoo, perfect match No wonder they barely flinched at the huge yahoo leaks

Tomek

Premium Member

join:2002-01-30

Valley Stream, NY 7 recommendations Tomek Premium Member European Data Protection US is falling so behind with privacy and data protection.

Recently heard about EU soon to be enforcing data and privacy customer protections in 2018 (to give companies time to prepare).

That kind of data leak would end up with catastrophic fines, but in US, not even slap on the wrist tmc8080

join:2004-04-24

Brooklyn, NY 6 recommendations tmc8080 Member Cybersecurity done by: A bunch of Yahoos!

mikesterr

join:2008-04-18

Sanford, FL 4 recommendations mikesterr Member No Breach said by Karl Bode: If you're a Verizon Wireless customer you'll perhaps notice that you've yet to hear from Verizon about this latest breach despite the fact it happened more than a month ago.



The fact is Verizon dodged a bullet on this. And with so many businesses moving away from Internal Data centers and going with Cloud solutions like amazon I believe were going to see much more of this in the future, regardless of how many security reviews occur. So this was not a Breach... Verizon confirmed No one accessed the data except for the group that uncovered the Outside Vendor's open portal. There was no loss or theft of data.The fact is Verizon dodged a bullet on this. And with so many businesses moving away from Internal Data centers and going with Cloud solutions like amazon I believe were going to see much more of this in the future, regardless of how many security reviews occur. existenz

join:2014-02-12 4 recommendations existenz Member I wonder.. Wonder how much impact private data leaks have, causing people to leave a service. Would be interesting to see if stats are out there. Target had a high profile one a few years ago but stock value went back up afterwards (sales are down for most retailers anyway now given online sales impact). And Yahoo was a doosey but they were heading downhill before anyway.

rchandra

Stargate Universe fan

Premium Member

join:2000-11-09

14225-2105 2 recommendations rchandra Premium Member so which was it? Was this limited to Verizon Wireless, or was this Verizon? They're not quite the same, but unfortunately people fudge that all the time. I'm a customer of the latter but not the former. It may make a difference in this case.

Unbundled

But When ? ?

Premium Member

join:2010-09-13

Irving, TX 2 recommendations Unbundled Premium Member 3rd Party Vendors So much for in-house errors....



The number of breaches and issues caused by 3rd Party Vendors is staggering. But, I guess that's just how we do Business in the 21st Century...

kdwycha

join:2003-01-30

Ruskin, FL 2 recommendations kdwycha Member Well Gee! Maybe Verizon should set up a cyber security unit with Russian intellegence to secure their customer data? 😂