Yahoo Effect Haunts Verizon: Millions of Customer Accounts Exposed by Partner


Verizon experienced a major breach of its data when partner company NICE Systems misconfigured a file repository on the cloud and inadvertently leaked sensitive information from an estimated 14 million Verizon US customers. Ranging from account PINs to addresses and names, the massive breach has been toned down to 6 million, according to an official statement by Verizon.

But 6 million or 14 million, the risk exposure to customers whose accounts have been compromised is not insignificant. It might not be as huge as the data leaks experience by Yahoo, which Verizon bought, but it is equally serious.

The only difference between the Yahoo hacks and this incident with Verizon’s data is that the latest snafu was an internal one rather than a hack. Apparently, one of NICE System’s engineers working out of Ra’anana in Israel misconfigured the data repository, exposing millions of data points.

The incident highlights the risks of having third-party vendors handle sensitive data. Since the virtual servers were in anAmazon Web Services S3 bucket administered by NICE Systems, there’s nothing Verizon could have done to prevent the exposure.

Incidentally, the data exposure was spotted by UpGuard, and Verizon was notified on June 13. However, it was not until June 22 – more than a week later – that Verizon and NICE managed to close the breach.

It’s clear that Verizon didn’t really learn much from the Yahoo breaches, or they would have immediately cut off all third-party vendor access to mission-critical data. Now, in addition to dealing with the legal fallout from the Yahoo hacks, the US carrier possibly has a fresh battle on its hands – this time, to convince its users that their data has not been compromised.

But much of the damage has already been done, and the worst part is that nobody knows who managed to get their hands on the data before the breach was closed. All that’s left to be done is hope for the best, reassure customers and encourage them to change their account PINs and whatever details possible. It’s a massive inconvenience, even at the lowest business impact level.

Thanks for visiting! Would you do us a favor? If you think it’s worth a few seconds, please like our Facebook page and follow us on TwitterIt would mean a lot to us.