Usually when we talk about millions of customer records getting exposed, we get to make wild gesticulations towards anonymous hackers. Not so with Verizon’s latest security gaffe — the information of 14 million customers, including some PINs, were made available online because an employee goofed up.
ZDNet broke the story, revealing that the customer records were made accessible because of an error by an employee of Nice Systems, a data analytics and fraud prevention firm based in Israel. Nice takes in metadata from Verizon customer service calls, including names, phone numbers, PINs, and addresses. The firm uses that info to supply Verizon with a range of services, from fraud and money laundering detection to how frustrated a customer is during the call (by keeping a tally of how many times certain words are said during those customer service conversations — admittedly, we’d love to see that part of the database).
To store all those databases, Nice uses Amazon’s cloud storage services. Apparently, someone at Nice failed to protect one of the servers, leaving it completely unencrypted and without a password. Anyone who wanted to access the info simply needed to know the right web address, and they could grab all that info with no trouble.
Another security firm, UpGuard, discovered the security lapse and notified Verizon late last month, and the problem was fixed after a week. Since then, Verizon has assured ZDNet that the information has not been accessed by any third parties, but the report says that Verizon did not elaborate on how they know that for sure.
If you’re not inclined to believe Verizon, the only thing you should do in response to this is change your PIN if you’re a Verizon customer. Knowledge of that PIN could allow fraudsters to impersonate you in calls to customer service, and that definitely won’t end well for you. On the off chance that some of those fraudsters did lay eyes on this data, you’ll want to be safe and make that change as soon as you can.