Verizon Enterprise Solutions, a division of Verizon known for providing IT services to businesses and government agencies around the world, has had their systems compromised by hackers who stole the information of about 1.5 million customers. Verizon Enterprise usually helps Fortune 500 companies respond to data breaches — even regularly publishing data breach investigation reports — but cybersecurity journalist Brian Krebs of KrebsOnSecurity recently discovered customer data for sale in a “closely guarded underground cybercrime forum.”
The seller was allegedly a “prominent member” of the forum and was promoting contact information for about 1.5 million Verizon Enterprise customers for $100,000; the option to purchase 100,000 records for $10,000 each was also offered. In addition, the anonymous individual was selling information about vulnerabilities in Verizon’s website.
Krebs contacted Verizon Enterprise about what he found online and the company acknowledged that they had recently identified the security flaw in its website and they were working to notify customers that may have been affected. Fortune and Krebs both received the same canned e-mail response from a Verizon spokesperson that read:
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
Though the company admits a breach occurred, they have not yet explained how it happened, who is responsible, or the exact number of customers who were affected.
In his post about the breach, Krebs noted that if thieves do purchase some or all of the Verizon customer data, those individuals will be “easy marks for phishing and other targeted attacks.”
Any Verizon Enterprise customers who have not been contacted by the company yet should reach out to them directly with any questions or concerns.