Fourteen Million Customer Records Exposed in Verizon Wireless Security Lapse

The information exposed included phone numbers and account PINs

Fourteen Million Customer Records Exposed in Verizon Wireless Security Lapse
Image: Pexels
July 13, 2017

Records for as many as 14 million Verizon Wireless subscribers were exposed on an unprotected Amazon storage server controlled by a technology company based in Israel.

Who Is Affected?

ZDNet writes that an employee of Nice Systems was responsible for controlling the server, which contained millions of records for Verizon subscribers who had called its customer service department during the past six months.

Information Exposed

According to security firm UpGuard, information that was left exposed included subscribers' names, addresses, account information, and account PINs.

The purpose of this server repository for logging customer data was, according to ZDNet, to verify the identity of account holders as well as to improve customer service.

The Consequences

Security experts are warning affected consumers about the possibility of phone hijacking and account takeovers, which could let hackers break into the consumer's email and social media accounts—even those they've protected with two-factor authentication.

The Response

Congressman Ted Lieu, who is also a Verizon customer, was troubled by the incident. "I'm going to be asking the Judiciary Committee to hold a hearing on this issue because Congress needs to find out the scale and scope of what happened and to make sure it doesn't happen again," he told ZDNet.

Verizon stated that it is performing an investigation into how its subscribers' information came to be improperly stored on the unsecured server.

Data Exposed But Not Hacked

A Nice Systems spokesperson assured consumers that no hack occurred in its systems or products.

"No other Nice customer data was involved," the spokesperson said.

Eighty-five Fortune 100 companies are also Nice customers. The company's main customer base is in the financial services sector, but it has also been linked to several government intelligences agencies as well as the surveillance and phone-cracking companies Hacking Team and Cellebrite.