logo
Share SHARE
FONT-SIZE Plus   Neg

Verizon Customer Data Including PIN Numbers Exposed

Verizon-Support-071317-lt.jpg

Verizon Communications Inc. (VZ) has confirmed a data breach that exposed the personal data of millions of its customers, but said that an employee of one of its third-party vendors was at fault. The company also stressed that no loss or theft of Verizon or Verizon customer data was reported.

According to media reports, data on up to 14 million Verizon customers was readily available to download after an employee at Nice Systems left them on an unsecured Amazon server. Israel-based Nice Systems is a third-party vendor that handles customer service operations for Verizon.

he breach was reportedly discovered by cybersecurity company UpGuard on June 8 and was closed on June 22 after Verizon was notified of the problem.

The mis-configured cloud-based data repository reportedly exposed the personal data of millions of customers who had called Verizon customer support during the past six months. The exposed data is said to have included customer names, street as well as email addresses, phone numbers and PINs.

However, Verizon said the figure was "overstated" and that the Nice Systems employee incorrectly set the Amazon Web Services or AWS storage to allow external access, causing the data breach. According to the company, the exposure was limited to six million customers.

The company added that the PINs included in the data set are used to authenticate a customer calling its wireline call center, but do not provide online access to customer accounts.

"We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information," Verizon said in a statement.

According to Verizon, the overwhelming majority of information in the data set had no external value, although there was a limited amount of personal information included. In particular, there were no Social Security numbers or Verizon voice recordings in the cloud storage area.

Verizon has apologized to its customers for the incident and said it is committed to their security and privacy.

by RTT Staff Writer

For comments and feedback: editorial@rttnews.com

Business News

comments powered by Disqus
Follow RTT