A data breach at Nice Systems, a partner of Verizon’s, has exposed millions of customer records. Nice Systems is an Israeli company that facilitates customer service calls. The exposed records include phone numbers and account PINs for at least 14 million subscribers. The records were found on an unprotected Amazon S3 storage server that was controlled by an employee of Nice Systems.
Exposed were six folders that dated back to January of this year. Each folder held daily log files from customer phone calls. The records in these files included customers’ names, home and email addresses, the current balance of their accounts, and the Verizon services the customer subscribed to. The files also exposed customers’ PINs and if the customer had a Verizon federal government account. Nice Systems was using the database to log customer data. The worry for customers is that if hackers have access to their account PINs, then they have access to their subscriber account.
The majority of Nice Systems’ customers are on the Fortune 100 list. The company has over 25,000 customers in 150 countries. The security researcher who discovered the data breach notified Verizon of the security risk on June 13th, but Verizon didn’t protect the data until a week later.
Verizon says it is currently investigating how customer data was improperly stored on the Amazon Web Services server. Verizon says that the only person who was able to access the cloud storage area other than an employee of Verizon or Nice Systems was the security researcher who discovered the vulnerability.
Companies can take extensive measures to protect their networks and data, but they will never fully know how seriously their partners take cybersecurity. Companies need to make sure that their partners prioritize securing customer and company data. Companies should also make sure that they are reliable enough for other organizations to partner with. Below are a few steps that companies can take to secure their data from hackers:
The data breach at Nice Systems and Verizon demonstrates that even secure companies can be exposed by their partners. With vulnerability audits and continuous monitoring, companies can readily uncover gaps in their security. Companies should use endpoint security software to quickly remediate any lapses in security, ensuring that hackers don’t have a chance to exploit vulnerabilities.