Verizon customers numbering around 14 million have had their personal information at risk for an indeterminate period of time, as the records were found in an unsecured server tied to Nice Systems. The server was an Amazon S3 storage server with no security measures to speak of, which means that anybody who had the correct web address could potentially have downloaded the information without running into any issues. The data on the server only included information on customers that had called into customer service within the past six months. The available data on those customers included their names, cell phone numbers, and their account PIN, which could allow anybody who obtains it to break into the customers’ Verizon accounts.
Nice Systems manages data for a number of Fortune 500 companies in a wide variety of industries. Its clients come to it for customer engagement data management analytics, and it participates in international law enforcement agencies’ battles against fraud and cybercrime, as well. The company operates across 150 countries with around 25,000 employees, and one of its chief client bases is the finance industry, though the mobile world is also high on the list. The company’s role in highly privileged operations makes this extreme security oversight all the more jarring.
There is no word on whether it seemed that any unauthorized parties had accessed the server in question and its contents. If any unauthorized parties did get that data, it could potentially allow them to spoof two-factor authentication or take over a customer’s Verizon account. The implications there are obviously quite grim; an account being taken over could lead to strange billing charges, account shutdown, adding unauthorized lines, and other such activity. Being able to fake two-factor authentication is a bit more chilling. Just about any service that uses a person’s phone number as a form of authentication could potentially be broken into this way. Hackers could use the forgot password function to lock people out of their accounts, steal information, or make changes to accounts. Verizon is currently investigating the breach, and maintains that the way that the information in question was stored, was actually out of protocol.