Verizon confirmed on Wednesday the personal data of 6 million customers has leaked online. The security issue, uncovered by research from cyber security firm UpGuard, was caused by a misconfigured security setting on a cloud server due to “human error.”
The error made customer phone numbers, names, Verizon confirmed on Wednesday the personal data of 6 million customers has leaked online. and some PIN codes publicly available online. PIN codes are used to confirm the identity of people who call for customer service. No loss or theft of customer information occurred, Verizon told CNN Tech. UpGuard — the same company that discovered leaked voter data in June — initially said the error could impact up to 14 million accounts.
Chris Vickery, a researcher at UpGuard, discovered the Verizon data was exposed by NICE Systems, an Israel-based company Verizon was working with to facilitate customer service calls. The data was collected over the last six months. Vickery alerted Verizon to the leak on June 13. The security hole was closed on June 22.
Dan O’Sullivan, a Cyber Resilience Analyst with UpGuard, said exposed PIN codes is a concern because it allows scammers to access someone’s phone service if they convince a customer service agent they’re the account holder. O’Sullivan says the Verizon case highlights how many third-parties have access to our personal data.
“Cyber risk is a fact of life for any digital service,” O’Sullivan said. “As data becomes more powerful and more accessible, the potential consequences for it to be misused also becomes more dangerous.”