SAN FRANCISCO —The names, addresses and phone numbers of millions of Verizon customers were publicly exposed online by one of the company’s vendors.
In some cases, security pins were also exposed by Nice Systems, a Verizon vendor, according to software security firm UpGuard, which uncovered the leak.
UpGuard privately informed Verizon of the breach after discovering it in late June, according to ZDNet, which broke the story.
Verizon says about 6 million customer accounts were made publicly available when an employee of Nice Systems put information into a cloud storage area and permitted external access to the information.
The only person other than Verizon and its vendor to access the storage area was the researcher at UpGuard who brought the issue to Verizon’s attention, the company said.
“There has been no loss or theft of Verizon or Verizon customer information,” Verizon spokesman David Samberg said.
Nice Systems, headquartered in Israel, said in a statement: “This human error is not related to any of our products or our production environments nor their level of security, but rather to an isolated staging area with limited information for a specific project.”
John Gunn, chief marketing office for VASCO Data Security, said “the fact that no data may have been downloaded doesn’t minimize the risk of instances such as this.”
Consumer rights group Public Knowledge called on the Federal Communications Commission to investigate.
“Telecommunications companies have a duty to protect the personal information of their subscribers. This includes ensuring that their employees, contractors, and business partners take appropriate security measures when they handle sensitive customer data,” Yosef Getachew, policy fellow at Public Knowledge said in a statement.
Source: Tech CNBC
Verizon data from 6 million users leaked online