Verizon, the largest wireless phone company in the U.S., last week confirmed that data belonging to about six million of its wireless customers was exposed after the information was mistakenly left unprotected on an Amazon cloud server.
The disclosure follows reports that an engineer at Nice Systems, which provides workforce management technology to track call center performance, allowed the data of 14 million Verizon customers to reside on an Amazon Web Services S3 bucket.
The Verizon data was part of a larger data exposure, according to UpGuard, the firm that discovered the problem.
Data from Orange, a Paris-based telecom, was exposed as well, it said.
Of greatest concern were the Verizon personal identification numbers that were left exposed, along with customers’ names, addresses and account information, said Chris Vickery, director of cyber risk research at UpGuard.
“With that detail, a fraudster could have master access to a Verizon customer’s account control,” he told the E-Commerce Times. “It would be theoretically possible to order new hardware or issue a new SIM card for a phone.”
Getting a new SIM card would allow a fraudulent actor to overcome two-factor authentication requirements, Vickery said.
UpGuard disclosed the information to Verizon on June 13, and the breach was closed on June 22.
Nice Systems technology is used around the world for government surveillance, according to UpGuard.
Nice officials confirmed the Verizon exposure, but denied the error was indicative of any larger problem within the company. The company did not comment on the reported Orange data exposure.
“A human error that is not related to any of our products or our production environments, nor their level of security, but rather to an isolated staging area with limited information on a specific project, allowed a customer’s data to be made public for a limited period of time,” Nice said in a statement provided to the E-Commerce Times by spokesperson Ilana Hart.
Data belonging to…