What You Need to Know:
Another day, another breach of data. This time, if you are a Verizon customer, your data might have been exposed due to an Israeli technology company’s oversight.
It is believed that as many as 14 million subscribers were impacted, and you might be one of them if you contacted Verizon customer service in the six months leading up to the incident. These records were held on a server that was controlled by Israel-based Nice Systems and the data was available to anyone who guessed the simple web address.
Nice Systems is an extremely well-known company that’s trusted by 85 of the Fortune 100. Nice boasts more than 25,000 customers in more than 150 countries worldwide. Furthermore, the company is linked to several intelligence agencies associated with world governments and is active with companies such as Cellebrite and Hacking Team, which focus on hacking, cracking and surveillance technologies.
The data breach was discovered by UpGuard’s Cyber Risk Team. They informed Verizon of the data exposure in June 2017, and it took more than a week to secure the breached data.
The actual data obtained were log files that became generated when customers of Verizon contacted the company via phone. Verizon saves this information to later go back to verify accounts and to improve their customer service. Each record that was accessed included the name of the customer, their cell phone number, and the PIN associated with the account. This information is enough to access each person’s Verizon account, according to security experts who were briefed on the breach. With this information, account takeovers and phone hijacking could occur, which could lead to the hacking of social media and email accounts.
This is only the tip of the iceberg, though.
There were also folders accessed from January to June 2017, which contained log files from several regions across the country. Each of these records contained additional data, including the customer’s physical address, email address, the balance on their account, and the Verizon services the customer had. There was also a “frustration score,” which shows if a customer was complaining about their service.
This breach is troubling. In fact, it’s so troubling that lawmakers are stepping in, such as Rep. Ted Lieu (D), who is not only a congressman, he was a computer science major. Lieu claims that he plans to ask the Judiciary Committee to hold a hearing on this breach because it’s important to not only find out the scale of something like this, but to ensure that it doesn’t happen in the future. Lieu is also a Verizon customer and could have been affected.
Verizon made a statement about the breach, and the company plans on investigating how the data was stored inappropriately in the first place.
The company also said that it “provided the vendor” with data as part of an ongoing project. The spokesperson said that the employee of the vendor, in this case, Nice, incorrectly allowed external access. Verizon was not aware that the data was exposed and had no control over the server. The company also claimed that most of the information exposed had “no external value.” However, it is known that personal information was exposed. There is no indication that the information has been inappropriately used at this point, though.
Nice is also investigating the breach, and a spokesperson from that company said that no other products or systems were involved, and no other Nice customer data was compromised. At this point, it is not clear as to who had access to the server or if the data was downloaded by anyone. Verizon has requested information from Nice about who has access to the affected storage. Nice remains steadfast that no external party accessed this data, though how they know that is unidentified.
Verizon customers are advised to change their passwords immediately and be on the lookout for phishing emails or vishing phone calls requesting personal information.
