Names, address, account details and personal identification numbers for as many as 14 million Verizon customers were publicly accessible and unsecured in June because of a third-party cloud server problem, according to a new report.
Chris Vickery, of Upguard, reported the breach after he discovered a database of Verizon customers on a cloud server account of a Verizon subcontractor in a way that could be accessed by anyone who knew where to look for it.
The cloud account, administered by the Israeli firm NICE Systems, hosted what appeared to be a daily log of Verizon accounts, Upguard reported.
The files “exposed the names, addresses, account details, and account personal identification numbers (PINs) of as many as 14 million US customers of telecommunications carrier Verizon, per analysis of the average number of accounts exposed per day in the sample that was downloaded,” according to the report.
Vickery contacted Verizon about the files after discovering them on June 8, and the data was secured by June 22.
Verizon stressed in a statement that Vickery was the only person to access the user data without authorization.
“We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention. In other words, there has been no loss or theft of Verizon or Verizon customer information,” the company said.
–This report was updated at 1:32 p.m.