The personal data for up to 14 million Verizon customers was discovered on an unprotected web server in late June by a cyber risk researcher.
The Verizon customer data was posted to a publicly-accessible Amazon Web Server by an employee of Nice Systems, which is an enterprise software company. Included in this data was a wide range of personal information associated with anyone who had contacted Verizon’s customer service representatives over the last several months.
The data exposed included names, phone numbers, account PINs, as well as home addresses, service plans, account balances, whether or not they were employed by the federal government, and even customer “frustration scores” with Verizon’s customer service.
While any time personal data is compromised there is an opportunity for the information to be used in the commission of scams and identity theft, Verizon has claimed the compromised information has “no external value,” also maintaining that their subsequent investigations showed that the data hadn’t been accessed externally.
U.S. Representative Ted Lieu expressed concerns, stating “[i]f anyone had that information they could go online and have access to your account, and your call log, etc…most people use their PIN for more than one thing.”
As a Verizon customer himself, he went on to add, “I would like to know if my data was breached.”
Dan O’Sullivan of UpGuard, a cybersecurity company, also expressed concern, stating that the exposure was a “remarkable incidence of third-party vendor risk. A customer knows they are giving their information to Verizon, but they are probably not aware that information is… shared with third party vendors.”
Read more about the story as it develops here.