Another day, another breach of data. This time, if you are a Verizon customer, your data might have been exposed thanks to an Israeli technology company’s oversight.
It is believed that as many as 14 million subscribers were impacted, and you might be one of them if you have contacted Verizon customer service in the past six months. These records were held on a server that was controlled by Israel based Nice Systems and the data was available to anyone who guessed the simple web address.
Nice Systems is not some fly-by-night company. Instead, they are an extremely well-known and trusted company that 85 of the Fortune 100 work with. In fact, Nice boasts more than 25,000 customers in more than 150 countries around the world. Furthermore, the company is linked to several intelligence agencies associated with world governments, and is active with companies such as Cellebrite and Hacking Team, which focus on hacking, cracking and surveillance technologies.
The data breach was discovered by Chris Vickery, who is with the security firm, UpGuard. He informed Verizon of the data exposure in late-June, and it took more than a week to secure the breached data.
The actual data that was obtained were log files that became generated when customers of Verizon contacted the company via phone. Verizon saves this information to later go back to verify accounts and to improve their customer service. Each record that was accessed included the name of the customer, their cell phone number, and the PIN associated with account. This information is enough to access each person’s Verizon account according to security experts who were briefed on the breach. With this information, account takeovers and phone hijacking could occur, which could lead to the hacking of social media and email accounts.
This is only the tip of the iceberg, though.
There were also folders accessed from January to June 2017, which contained log files from several regions across the country. Each of these records contained additional data including the customer’s physical address, email address, the balance on their account, and the Verizon services the customer had. There was also a ‘frustration score,’ which shows if a customer was complaining about their service.
This breach is troubling. In fact, it’s so troubling that lawmakers are stepping in, such as Rep. Ted Lieu (D), who is not only a congressman, he was a computer science major. Lieu claims that he plans to ask the Judiciary Committee to hold a hearing on this breach because it’s important to not only find out the scale of something like this, but to ensure that it doesn’t happen in the future. Lieu is also a Verizon customer and could have been affected.
Verizon, of course, has made a statement about the breach, and the company plans on investigating how the data was stored inappropriately in the first place.
The company also said that it “provided the vendor” with data as part of an ongoing project. The spokesperson said that the employee of the vendor, in this case, Nice, incorrectly allowed external access. Verizon was not aware that the data was exposed and had no control over the server. The company also claimed that most of the information exposed had “no external value.” However, it is known that personal information was exposed. There is no indication that the information has been inappropriately used at this point, though.
Nice is also investigating the breach, and a spokesperson from that company said that no other products or systems were involved, and no other Nice customer data was compromised. At this point, it is not clear as to who had access to the server or if the data was downloaded by anyone. Verizon has requested information from Nice about who has access to the affected storage. Nice remains steadfast that no external party accessed this data, though how they know that is unidentified.
Verizon customers should change their passwords immediatley and be on the lookout for any phishing emails or scammy phone calls requesting personal information.
Image courtesy of Flickr user Mike Mozart.