Obama Verizon Cell Phone Account 'Should Have Been Deleted'

The account is currently inactive, and an Obama aide told Reuters that there is no evidence that the content of the voice-mail messages and e-mails had been compromsid.

"We were notified yesterday that employees had accessed the records of an old cell phone no longer in use," the Obama aide said. "No voice or e-mails were listened to or read."

The exposed Verizon mobile phone account was not from a Blackberry or other smart phone storing large amounts of personal and financial data, but instead belonged to Obama's old flip phone account that had been inactive for several months. The possible breach was also limited to billing records, including a list of calls made along with times and durations, but did not appear to include personal information such as passwords and credit card numbers.

Verizon Wireless President and Chief Executive Officer Lowell McAdam issued a written statement Thursday apologizing to Obama on behalf of the company. McAdam said that the individuals who had accessed Obama's account were put on immediate leave without pay. He also maintained that the employees who accessed Obama's account due to legitimate business needs would be returned to their positions while employees who had improperly viewed the account "without legitimate business justification" would face "appropriate disciplinary action."

"As the circumstances of each individual's employee's access to the account are determined, the company will take appropriate actions," said McAdam. "We apologized to President-elect Obama and will work to keep the trust our customers place in us every day."

Meanwhile, security experts say that Obama's inactive account should have been deleted. Data breaches often occur when the information on inactive accounts remain accessible, even if not currently used by the customer or employees, experts say.

"Inactive accounts are a huge problem," said Deepak Taneja, president and CTO of Aveksa, which specializes in user entitlements and access. "That inactive account should have been deleted. There was no reason for it to be around. No one seemed to be responsible for it."

"These inactive accounts become a source of information theft and intellectual property theft," he added.

Often employees' account information remains at least partially active after they leave a company or get transferred to a different department, Taneja said, which often opens the door for a range of internal data breaches.

"When the employees leave, their accounts don't get removed after they leave. Those inactive accounts are just sitting there. That's a huge problem it's all tied in to a lack of process," he said.

Ultimately, Obama's breach speaks to the challenges companies like Verizon face when implementing processes required to track employee's access to customer information, Taneja said.

"Companies need access governance solutions that help them track who has access to what," said Taneja. "This is not new. [These incidents are] all evidence of a lack of strong governance of business process to help companies track who had access to what."