In yet another leak of customer information that should surprise approximately no one, Verizon has proven negligent in its consumer safety with a major loss of consumer data. With recent trends in massive breaches, this latest misstep is just another piece of evidence on the pile towards the general lack of appropriate measures taken with confidential information.
The latest in industry-wide breaches
While news of a breach shouldn’t be surprising at this juncture, the details of Verizon’s lapse in security has enough worrying details that it hints at a larger possibility of mismanagement rather than a one-time mistake. The breach was discovered in late June by digital security firm UpGuard who have pointed the finger at a misconfigured cloud-based data storage solution that Verizon managed for the storage of customer data.
The breach took almost a week to close and data that may have been lost consists of an alarmingly wide swath of customer information points that, with any luck, haven’t found their way into the wrong hands. The majority of data fell into routine log files Verizon collects through interactions with its customers with many data points accessed via any customer who called customer service within the last six months. Information within includes names, contact information and even Verizon PINs which could allow outside sources to take control of a compromised user’s account.
Furthermore, these logs contain additional details about a customer that are more worryingly personal than simply losing a name to the void; Some logs contained what Verizon refers to as a “frustration score” that is generated by the number of times a customer utters certain phrases during a call. Account balances and government account status are also possible data points that may have been lost in the breach. Some of these logs appear to have gone through a basic form of obfuscation to keep some data secure, while others are completely open and free of redaction.
The bigger picture painted by data loss
It’s no small coincidence that this breach falls close to the median time it takes to detect most cybersecurity breaches; At an average of 197 days before a breach is discovered, there seems to be plenty of time for those with ill intent to root around in personal files and make off with anything deemed usable months before any headway is made into plugging the gap.
Verizon’s breach occurred at the hands of a remote cloud storage server hosted by Amazon handled through a vendor, as the company states, which passes the blame from one pair of shoulders to another. Even with perfect security measures the human element often proves to be the weakest link. It’s no longer appropriate to simply wonder if a breach will happen: Companies have to take preventative measures to account for the inevitable losses that will occur.
Legislators are pushing for an investigation and the situation is far from resolved yet the picture painted by Verizon’s leak does little to dissolve recent negative opinions on cybersecurity concerns regarding large companies. Consumers can only have their private information mishandled and lost so many times before very serious repercussions reach their private lives and we’re well beyond the point of giving such gargantuan conglomerates a free pass. If anything, a breach of this nature should serve as a warning to storage providers regardless of scale.
By Andrej Kovacevic
Updated on 4th February 2020