A business to business telecommunication giant, Verizon Enterprise Solutions, a Basking Ridge, New Jersey-based company, has been the latest victim of a cyber crime that stole 1.5 million contact records of the customers of Verizon.
The culprit is selling them online as a whole for $100,000 and as bits for $10,000 per 100,000 records. Buyers could also purchase information about cyber vulnerabilities in Verizon’s website.
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company said in an emailed statement to KrebsOnSecurity. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietarynetwork information (CPNI) or other data was accessed or accessible.”
The seller offers different database formats, including the platform MongoDB. However, Verizon has not yet commented on how did the culprit managed to breach the system.
With that, many telecom companies are now aware that even the greatest providers are not immune to such attacks. On a statement by Andrew Pryfogle, senior vice president of cloud transformation for Petaluma, California-based Intelisys, a Verizon master agent partner:
“If one of the leading providers of cloud security solutions in the world can itself be compromised, then anybody can be,” Pryfogle said.
A spokesperson from Verizon said that no customers were impacted by the breach and the cause remains unclear but are already notifying the affected enterprise customers. They did not tell however if whether any partners that are working with Verizon Enterprise Solutions are affected by the breach.