Realistically, a data breach can happen to any organization out there. Some organizations tend to place a much heavier focus on their security, which keeps them better protected, but even a single slip up can result in large amounts of data being exposed. This is borne out by the numerous breaches that have occurred because of incorrect settings on a database, leaving it accessible to virtually anyone. Even some of the most reputable and secure organizations can have a breach if they are not meticulous about every potential access point within their networks and systems. And unfortunately, this has now occurred to Verizon, which was previously known as a highly secure organization.
The Discovery of the Breach
Back in June, Chris Vickery of UpGuard had discovered a leaked amount of customer records residing upon an unsecured Amazon server. Apparently, the database had been left unsecured as a result of misconfiguration from a third party vendor called Nice Systems. According to reports, around 6 million customers had their records exposed, such as names, mobile number, email address, home address, account balance, and their account PIN. The records within the database had been generated from customers who had called Verizon customer service within the past six months. Some of the records had been partially redacted, but most of them were not. Details like this could be threatening in the hands of someone with malicious intent, as they could impersonate the customer and gain access to their account. Though, Verizon has said that the PINs accessed in the breach were for authenticating call center customers, rather than for customer accounts. After Vickery had initially informed Verizon of the breach, it took over a week for them to finally secure the database. Verizon said that there had been no unauthorized access to the database other than by Vickery, but they did not say how they verified this.
This is an interesting turn of events, largely because as mentioned above, Verizon is typically known as a pretty secure company. In fact, they release their own cyber security and data breach report that details key findings and tips. For them to have a breach themselves really shows that incidents can occur from even the most minute error or overlooked setting. Every single system, network, setting, database, etc must be thoroughly inspected and vetted to ensure protection, and this includes verifying these things with any contracted third parties as well. Far too many organizations tend to neglect evaluating third party vendor security.
Addressing a Data Breach With Cyber Investigation Services
When an organization finds themselves subject to a breach, it is important that a thorough investigation of the incident is completed. They need to discover the source of the breach, whether it was a result of a perpetrator, trace said perpetrator, and patch the vulnerability. There is much more that can be necessary, with the above only being some of the main points. Some organizations may lack the resources to perform a complete job, which is why they may need to enlist third-party cyber investigation services. A comprehensive investigation can help to ensure that the incident is fully addressed, and that weak security is bolstered for the future. And conversely, a poor investigation can potentially leave the breach only partially remediated. Massive Alliance offers detailed cyber investigation services to help ensure that all sides of an incident are uncovered.