Verizon: data from more than six million subscribers at large on the public cloud
The personal data of several million Verizon subscribers is on the run following a manipulation error by Nice Systems, one of the operator’s partners based in Israel. A new scandal which once again raises the question of data security.
The names, addresses and telephone numbers of millions of customers of the American operator Verizon have been published online by Nice Systems, one of the company’s partners responsible for facilitating customer service by telephone. In some cases, even the PIN codes of certain users have been exposed. It was the software security firm UpGuard that discovered and revealed the existence of this leak .
UpGuard first informed Verizon privately after discovering the data leak at the end of June, before the US site ZDNet publicly disclosed the matter. According to Verizon, more than six million subscribers are affected by this large-scale leak . FoxNews goes further by claiming that more than 14 million accounts would be compromised.
Verizon: a large-scale leak following an Amazon S3 server configuration error
The information was made available to the public after Nice Systems stored it on the public cloud, which is different from the private cloud. All customers who have contacted Verizon customer service in the past six months are affected as Nice Systems has uploaded the logs to an unprotected Amazon S3 storage server . Server security was misconfigured by one of the firm’s employees, so anyone with the server’s web address could download these files.
However, Verizon says that only UpGuard has managed to view this information before sharing it with the company . Unveiled on June 13, the leak was filled nine days later, on June 22. No information was lost or stolen, according to spokesperson David Samberg. Otherwise, a malicious person could have impersonated a Verizon subscriber without any difficulty.
Verizon: an incident that once again raises the question of the security of personal data
According to a press release from Nice Systems, an seller based in Israel, this is a human error which does not in any way reflect a problem with the safety of its products . However, in the eyes of John Gunn of VASCO Data Security, the fact that no data was downloaded does not in any way minimize the seriousness of this accident. The consumer association Public Knowledge has contacted the Federal Communications Commission to investigate the matter.
As Yosef Geatachew of Public Knowledge points out, telecommunications companies have a duty to protect the personal information of their subscribers . This responsibility includes ensuring that employees, contractors and partners take sufficient security measures to protect consumer data. In Europe, from 2018, companies will have to comply with the GDPR regulations or face heavy sanctions .
It is not the first time that such a data breach has occurred. The incident is reminiscent of the recent data leak of more than 200 million American voters . This new scandal once again raises the crucial question of data security in the era of Big Data.