Millions of Verizon customers’ details exposed
14 Jul 2017
An unsecured data storage system has revealed millions of customer records. The customers in question were Verizon customers in the US and the exposure was due to a misconfigured cloud-based file repository owned by Nice Systems.
According to security firm UpGuard, which uncovered the unsecured data, up to 14 million Verizon customer details were available to download by anyone who could guess a web address.
However, Verizon clarified that the number was 6 million.
The data was traced by UpGuard back to a Nice Systems engineer based at the company's headquarters in Ra'anana, Israel. Nice Systems is a provider of both back-office and call centre operations systems for Verizon.
The Nice engineer had set up an Amazon Web Services S3 data store, which was then used to log the company's customer data. The data included names, addresses, phone numbers, and account PIN codes; used together, these would let a scammer quite convincingly pose as a Verizon customer on a call.
According to ZDNet, the data was collected from customer calls and stored by Nice Systems so that it could be analysed to help improve the customer service experience. The log files created contained the last six months of customer call data. But according to commentators, the question was why it was unsecured, and why it was the responsibility of a single engineer at Nice.
Nice, which counted 85 of the Fortune 100 as customers, was engaged in two main lines of business: software markets, and financial crime and compliance, including tools for preventing fraud and money laundering.
The company's 2016 revenue stood at $1.01 billion, up from $926.9 million in the previous year. The company counts over 25,000 customers in about 150 countries.
"Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project," said a Verizon spokesperson. "Unfortunately, the vendor's employee incorrectly set their AWS storage to allow external access."