Verizon has responded to reports of customer data found on an unsecured server belonging to one of its vendors, saying that the company has no reason to believe that any customer data was accessed by any unauthorized parties who could put customers at risk. According to Verizon, an investigation into the security breach confirmed that the only people who accessed the data were Verizon employees, employees of Nice Systems, the vendor that made the mistake, and a single security researcher who brought the issue to Verizon’s attention. Additionally, a company spokesperson reported that the PIN numbers found with customer records were only for authentication with call center employees, and would not give anybody access to any accounts.
The breach was found on Wednesday. An employee of Nice Systems, a data handling vendor for Verizon and many other Fortune 500 firms, reportedly left data on an unsecured Amazon web server, meaning that anybody with the correct web address could have easily obtained the data. According to various reports, the web address in question was a rather easy one to guess. Initial estimates put the number of customers whose information was put at risk somewhere around 14 million. There had been no evidence at the time of the finding to suggest that the Nice Employee’s negligence had led to any unauthorized access to the Verizon customer data, and now Verizon has officially confirmed as much.
Breaches of this sort are somewhat uncommon compared to more traditional data breaches, where a hacker or group of hackers takes advantage of a vulnerability in a security system to steal data, install malicious code, or otherwise wreak havoc on a given system. Breaches like that often happen on a fairly large scale, ranging all the way up to breaches well into the hundreds of millions of users, as seen with Yahoo. This particular case was a best case scenario of sorts; while the data should never have ended up on an unsecured server in the first place, let alone been left there for a security researcher to find and report, Verizon’s report that no data was accessed and that things have been patched up means that customers are safe.