Ride the Lightning

Verizon Acknowledges Data Breach Said to Impact 1.5 Million Customers

March 28, 2016

On March 1^st, Verizon, which famously investigates data breaches, released a Data Breach Digest involving 18 breach scenarios with pithy names. No doubt it was a more than a little embarrassed last week when it had to acknowledge a breach of its own.

Attackers used a flaw in the company's Web portal for enterprise customers to steal data on its clients, Verizon said. The compromise resulted in the leak of information on 1.5 million customers, which were put up for sale on a closed forum for $100,000, according to security-industry researcher and journalist Brian Krebs, who first reported the breach.

Verizon claims the company was aware of the breach before it was contacted by Krebs.

In a statement sent to eWEEK Verizon said "Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible. The impacted customers are currently being notified."

While Verizon did not confirm that 1.5 million customers were impacted, a spokesperson stressed that consumer data was not part of the breach.

Verizon has not yet issued its annual data breach report, so it will be interesting to see if it chooses to say anything about its own breach. John and I are Verizon customers so it will be intriguing, in a dismal sort of way, to see if we receive breach notifications in the coming week.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson