The New York-based telecommunications company, Verizon Enterprise Solutions, has recently suffered from a security breach on their enterprise client portal.
Known for the infamous Data Breach Investigation Report, this seemingly ironic and unfortunate situation has 1.5 million Verizon customers vulnerable to attack, as security expert Brian Krebs reported that a dark-web forum was advertising the sale of a database containing contact information belonging to Verizon Enterprise customers.
The database was being priced at a whopping $100,000, but hackers were able to buy segmented portions of the list for $10,000 per section. Information on security vulnerabilities found on Verizon’s website was also available to purchase on the black market forum.
According to Krebs, Verizon was already aware of the security incident and made a statement to the media claiming: “Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
While it’s comforting to know that only basic contact information was compromised during this specific breach, many of Verizon’s customers belong to Fortune 500 companies, and will now be the prime target for phishing attacks. Verizon Enterprise customers must be careful to not click on any suspicious links or provide personal information to anyone via email, as they may be working to steal your identity.
Furthermore, CEO of Identity Finder, Todd Feinman, claims that online scammers often piece together data stolen from several different outlets until they have enough information to do major damage. “We’ll see more and more of these sensitive data breaches being correlated together so that sensitive contact information can be combined with sensitive password dumps and other data to wreak havoc on other businesses and individuals.”
While Verizon’s been known to be a highly respected voice on all things security, no one is safe from attack, even those who work to prevent and detect such data breaches. These breaches show us all that even with an armory of security products and correctly operated security best practices, you can never guarantee that a breach won’t happen. Exploits exist long before they are ever discovered and the best that you can hope for is that you don’t get breached before you have been able to remediate.
That being said, prevention measures are still essential and effective but do not guarantee systems are ever 100% hack-proof. Host intrusion detection technology performs a vital contingency function- if and when defenses are breached, you are alerted and able to take action before data theft and damage goes too far.