When researcher Chris Vickery told Verizon last month it was the victim of a cyber breach, it took over a week to secure the data that had been exposed, ZDNet reports. More than 14 million U.S. customers had their data exposed, including their addresses, names, phone numbers, and account PINs, according to security firm UpGuard, where Vickery works.
What it means: That's enough to get you into someone's account, even if there's two-factor authentication. European telecoms provider Orange may have also had some data on the exposed server.
How it happened: Verizon said an employee at NICE Systems, a third-party vendor, incorrectly left the sensitive data on an unprotected Amazon S3 storage server. CNN reports Verizon gave a third party access to this information to facilitate customer service calls (only customers who called customer service in the last six months had their information exposed).
85 of the Fortune 100 are NICE customers and the company has been linked with government intelligence agencies around the world, per Privacy International.
Implications: Charles Goldberg, Senior Director of Product for Thales e-Security, pointed out that while "an unfortunate incident in its own right, the Verizon leak is not a solitary occurrence. Amazon S3 buckets are vulnerable to data leaks…even very well trained professionals can find it challenging to manage access controls."
Verizon's take: Verizon said 6 million customers' personal data was leaked, rather than 14, according to CNN. There is "no indication that the information has been compromised."
What to watch: If the FCC investigates the breach. (Cosumer rights group Public Knowledge has called on the FCC to do so.)
