Verizon Partner Leaks Millions of Customer Accounts

[FrgMstr]

Another day, another security breach. This time a cloud server owned by NICE systems, a third party vendor for Verizon, is to blame as reported by UpGuard. While the culprits look to now have a lot of your personal information, the PIN numbers on the accounts where not compromised. Still probably a good idea to go in and update those passwords and PIN numbers as well.

A great many Verizon account details are also included in the logs, such as customer names, addresses, and phone numbers, as well as information fields indicating customer satisfaction tracking, such as “FrustrationLevel,” and service purchases, such as “HasFiosPendingOrders.” Values including number ratings, “True,” “False,” “Y,” and “N” are assigned to each field. For a large amount of these logged calls, however, the most sensitive data—such as “PIN” and “CustCode”—is masked.

Beyond the sensitive details of customer names, addresses, and phone numbers—all of use to scammers and direct marketers—the prospect of such information being used in combination with internal Verizon account PINs to takeover customer accounts is hardly implausible. To do so would enable impersonators to tell Verizon call center operators to do whatever was wished of them—enabling, perhaps, costly “SIM Swap” scams of customer SIM cards, or, as reported by The Verge, the breaching of two-factor authentication:

 

[Krazy925]

Still better ran than OPM.

 

[deeppow]

Thanks Kyle, we changed our login.

 

[Spidey329]

FrustrationLevel

So now, I'm curious, could this be a value assigned for how frustrated the customer was with the service or how the CSR rated the interaction with the customer? Kinda like how Comcast (iirc) was giving customers special names.

 

[thesmokingman]

So now, I'm curious, could this be a value assigned for how frustrated the customer was with the service or how the CSR rated the interaction with the customer? Kinda like how Comcast (iirc) was giving customers special names.

Probably how pissed off the customer is. You don't care what the CSR's frustation level is per customer, hell do they even track that? At the end of service chats, you fill out that survey... considering it's Verizon and how often they piss off their customers, like oh I dunno banning them for using unlimited bandwidth per the title. lol

+1 more for keep your confidential data on ze cloud!

 

[deeppow]

Being pissed is a reason for screwing all the rest of us by giving all that info? Makes a lot of sense in todays environment. "Its about me, screw the rest of you."

 

[lollerwaffle]

My personal information is worth cash money. We have well reached a point where corporations leaking information should pay cash. Not some membership to "protect your shit with useless notification mechanism, worth $100/year", no, cold, hard cash.
I want to see that financial penalty for leaks. Suddenly you'll see careless IT staff fired, better maintenance of servers and such because to do otherwise means having less money.

 

[Converge]

My personal information is worth cash money. We have well reached a point where corporations leaking information should pay cash. Not some membership to "protect your shit with useless notification mechanism, worth $100/year", no, cold, hard cash.
I want to see that financial penalty for leaks. Suddenly you'll see careless IT staff fired, better maintenance of servers and such because to do otherwise means having less money.

Genius

 

[vegeta535]

Companies also need to stop asking for SS# for everything you sign up for nowadays. If they really do require your SS. They should be fine to hell and back and have to pay out the customers affected.

 

[thesmokingman]

Yea, required to pay restitution to the affected.

 

[jtm55]

Hi All,

Thanks Kyle for the heads up.

This shit is really getting old now.

 

[SvenBent]

Mandatory minimum of x amount of dolalrs in payments to the persone hte leak infomation about might actually make companines care about protecting information

full name: 5 dollars
creditcard info 10 dollars ( per)
creditcard info with security code 15 dollars (per)
Social security # 15 dollars
home adress 5 dollars
Home phone numbeer 5 dollars per
Email 5 dollars
etc
+the cost of administration all those check to send out

Let see those companies redoo loosing millions of customer data now

 

[Jim Kim]

Mandatory minimum of x amount of dolalrs in payments to the persone hte leak infomation about might actually make companines care about protecting information

full name: 500 dollars
creditcard info 1000 dollars ( per)
creditcard info with security code 1500 dollars (per)
Social security # 1500 dollars
home adress 500 dollars
Home phone numbeer 50 dollars per
Email 50 dollars
etc
+the cost of administration all those check to send out

Let see those companies redoo loosing millions of customer data now

FTFY

 

[vegeta535]

FTFY

Also tacking 2 years of idenity fraud prevention on top of it.

 

[SomeoneElse]

Looks like the purchase of Yahoo was such a "loss", They are just proving this is common practice between the two companies.

Sarcasm aside, I agree with others who posted, start refunding customers for their breaches since they have their personal data exposed to malicious persons. I can guarantee you if it was the CEO's data, that guy would have been canned 5 mins after the breach.

 

[katanaD]

LOL on NICE's website

http://info.nice.com/Re-inventing_customer_experience_roadshow_registration.html?iesrc=ctr

 

[Converge]

Companies also need to stop asking for SS# for everything you sign up for nowadays. If they really do require your SS. They should be fine to hell and back and have to pay out the customers affected.

So you're saying my local gym doesn't need my social security number and mothers place and time of birth to let me use their equipment a couple times a week? I don't know man....