Security lapse leads to data leak from millions of Verizon customers
NEW YORK - A security researcher says a lapse has exposed data from millions of Verizon customers, leaking names, addresses and personal identification numbers, or PINs.
Verizon Wireless says 6 million customers were affected, but the company says that none of the information made it into the wrong hands. The company says the only person who got access to the data was the researcher who brought the leak to its attention.
The security firm, UpGuard, says the problem stemmed from a cloud server that a third-party vendor had misconfigured.
Gartner analyst Avivah Litan says the issue comes down to human error and it doesn’t make sense to blame cloud service providers like Amazon and Google. She says such lapses are likely common, but it’s hard to know since we only know what’s disclosed.
Verizon issued a public relations statement claiming there was no loss or theft of customer information.
"As a media outlet recently reported, an employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access. We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information."
In the statement Verizon said the vendor was working on a residential and small business wireline self-service call center portal at that time.
" The overwhelming majority of information in the data set had no external value, although there was a limited amount of personal information included, and in particular, there were no Social Security numbers or Verizon voice recordings in the cloud storage area."
--The Associated Press contributed to this report