Have you called Verizon customer service in the past 6 months? Your organization’s records may have been a part of the 6 million Verizon customers' account data that was leaked. Chris Vickery, the Director of Cyber Risk Research at UpGuard, discovered millions of exposed Verizon subscribers' records in late-June of this year. He estimated it to be as large as 14 million, which Verizion clarified in a statement to be 6 million records affected. This data was found on an unprotected Amazon S3 storage server that was operated by Nice Systems, a Verizon partner.

Nice Systems is a third-party vendor for Verizon. They maintained the exposed data repository which was on an Amazon Web Services S3 server at the Nice Systems Israel headquarters. These records were the recorded interactions of customer service interactions which Nice recorded, obtained, and analyzed to verify account holders and improve customer service.

Each of the exposed records contained the name, address, cell phone number, and account pin for the customer. It is feared that this easily accessible information could have been used to hijack phones or accounts which could then be used to break into email and social media accounts. The information was stored in six folders that contained information from January through June with several daily log files which recorded customer calls from US regions, according to the Verizon datacenters locations. The information for each call included further sensitive data such as email addresses, what Verizon services they used, and whether they utilized a federal government account.

Democratic congressman and Verizon user, Ted Lieu, shared his concerns regarding the breach in a recent statement for ZDNet, "I'm going to be asking the Judiciary Committee to hold a hearing on this issue because Congress needs to find out the scale and scope of what happened and to make sure it doesn't happen again…"

Verizon is in the process of investigating the improper storage of their data on the Amazon Web Services server. Their spokesperson made it clear that the project was authorized and ongoing and that the mistake was on their vendor’s employee who “incorrectly set their AWS storage to allow external access." At this time, there is no proof that the data was compromised.

Sadly, instances of employee mistakes are only expected to increase as organizations utilize more and more third party services. As cyber risk grows, make sure that you partner with a cybersecurity expert who ensures compliance and security protocols are enacted throughout every aspect of your business, including vendor relationships. Crossroads has served our clients with the latest cybersecurity technologies for over 20 years and we are confident we can do the same for you. Contact us today to secure your future against leaked sensitive information.