Exposed data included names, addresses, phone numbers, account information and, in some cases, PIN codes that customers use to verify themselves to phone-based customer-service teams. The exposed data was stored in logs and information associated with customer-service calls.
The data exposure was discovered by Chris Vickery, a researcher with the cyber risk team at security vendor UpGuard.
The data was contained in an unsecured Amazon Web Services Simple Storage Service (S3) "bucket," or storage instance, Dan O'Sullivan, a cyber resilience analyst at UpGuard, writes in a blog post. Israel-based NICE Systems, one of Verizon's partners, controlled the repository.
Verizon says in its statement that NICE was supporting "a residential and small business wireline self-service call center portal and required certain data for the project."
UpGuard notified Verizon on June 13 about the data exposure, but the bucket wasn't locked down until June 22. UpGuard characterized that length of time as "troubling." Officials at NICE couldn't immediately be reached for comment.
We need to be notified, I am getting some really weird call trying to defraud me now. Is this because of your breach?