Personal data on more than 14 million Verizon customers have been reportedly exposed in an incident that highlights the importance of moving data protection practices to the cloud.
The security lapse, first reported on ZDNet and discovered by research firm UpGuard, involved technology supplier Nice Systems, which left Verizon customer data unprotected on an Amazon Web Services S3 storage instance. The data contained names, phone numbers and PINs that could be used to access their Verizon accounts.
The report did not say if hackers had accessed the data, only that it was left exposed and easily accessible by guessing a simple URL that directed to the improperly configured cloud drive.
[Related: 10 Companies To Watch In Cloud Security]
The report said up to 14 million subscribers were affected, about 10 percent of Verizon's 108 million total subscribers. The subscribers affected were primarily those who called Verizon's customer services line in the last six months, the report said.
Ra'anana, Israel-based Nice Systems, a $4.7 billion company, counts 85 companies in the Fortune 100 as customers. In addition to customer engagement, the company's crime and compliance unit provides fraud prevention, brokerage compliance, and enterprise-wide case management services for financial institutions and regulatory authorities. It partners with Cisco, Accenture and IBM, among others. Nice records and analyzes customer log records created by Verizon when subscribers call customer service.
Verizon, the Basking Ridge, N.J.-based service provider, downplayed news of the breach on Thursday afternoon, calling the incident "overstated."
A spokesperson for Verizon told CNBC that it has confirmed that beyond Verizon and Nice Systems, only the researcher who brought the issue to Verizon’s attention had accessed the AWS storage drive.
"In other words, there has been no loss or theft of Verizon or Verizon customer information … We regret the incident and apologize to our customers," the spokesperson said.
Michael Goldstein, CEO of Fort Lauderdale, Fla.-based LAN Infotech, said the incident is the latest example of companies needing to step up their game when it comes to cloud security. He said firms need to apply the same level of protections to data in the cloud that they do when it is stored on premises.
"It is a common misconception that my servers are secure with Azure and Amazon. They still need to be patched. That’s the misconception. I really see that across the board," Goldstein said.
Goldstein said this incident, as well as other recent similar events, show the need to get back to security basics, even if data is stored in the cloud. That includes patching, antivirus, backups, and more.
"The basic rules haven’t changed in 30 years – we just call them different things [in the cloud]. That’s what we’re telling all of our engineers and our clients," Goldstein said. "It really is basics. You can’t leave something unsecured like that."
The report of exposed Verizon data comes on the heels of two similar incidents with World Wrestling Entertainment and the Republican National Convention. Both cases involved misconfigured or poorly secured Amazon Web Services S3 storage instances. It is also the second telecom company hit by a security incident this week, following on news that Indian telecom company Reliance Jio was investigating a breach that affected more than 100 million of its clients.
related stories
Video
trending stories
sponsored resources

Cysurance
Cyber Insurance 360

Carbonite
Cloud Storage 360

Application Integration 360

Tenable
Cyber Risk 360

NPD
Industry Trends 360

Channel Chief Showcase

Smart 3rd Party
3rd Party Maintenance 360

Cradlepoint
5g for Business 360

Cato Networks
SASE & SD-WAN 360

Trend Micro
Trend Micro Learning Center

HubStor
Cloud Backup 360

eSentire
Managed Detection and Response 360

CyberPower
CyberPower

Veeam
Veeam

Comcast Business
Comcast Business Learning Center

CRN Showcase

APC by Schneider Electric
Digital Services for Edge Learning Center

Dell Technologies
Dell Technologies Server Learning Center

Dell Technologies
Dell Technologies Cloud Learning Center

Cyber Protection 360

VMware

EPOS
EPOS

Sophos
Sophos Cybersecurity Learning Center

iboss
Cloud SASE Platform 360

Vonage
Vonage

Sherweb
Sherweb

Vertiv
Edge Computing Learning Center

Dell Technologies
Dell Technologies Storage Learning Center

Fujifilm
Fujifilm

BlackBerry
BlackBerry Learning Center

Wasabi
Wasabi

Acer
Remote Workforce 360

Webroot
Webroot Learning Center

Comm100
Collaboration & Communications 360

Hitachi Vantara
Hitachi Vantara

Partner Program Guide Showcase
