Nice Systems exposes 14 million Verizon customers on open AWS server

Nice Systems, an Israeli company providing customer service analytics to Verizon has exposed the data of as many as 14 million subscribers on the internet. The data contained logs of customer service calls over the last six months and included the account and personal information of Verizon customers. The debacle is reminiscent of the Home Depot data leak back in April where customer service records were stored on an unsecured server.

Chris Vickery, director of cyber risk research at security firm UpGuard, found the data on an Amazon S3 storage server late last month. Vickey reported the breach to Verizon right away, but it took them another week to secure the data.

The server was controlled by a Nice Systems employee and was open to anyone who knew or stumbled upon the easy-to-guess URL. The data on the server was contained in six folders labeled with each month from January to June. The folders contained daily logs of customer service calls broken down by geographical region in relation to Verizon data center locations.

In addition to names, phone numbers, and PINs, the records also contained home and email addresses, account balances, and lists of subscribed services among other personal details. Verizon says that not all of this information was exposed because it was masked, but would not give further details citing security concerns. It also insists that the majority of the data has no value outside the company.

"Congress needs to find out the scale and scope of what happened to make sure it doesn't happen again."

Nice was handling and analyzing the data in a project to help the telecom improve its customer service. The data was part of a demo system for that project. Verizon conducted an investigation into the matter and concluded that the data had not been accessed by any "external parties." Nice is also investigating the situation. Congress might become involved as well.

Democratic Congressman Ted Lieu stated that he would be "asking the Judiciary Committee to hold a hearing on this issue because Congress needs to find out the scale and scope of what happened and to make sure it doesn't happen again." As a Verizon customer, Lieu has a vested interest in the case. Despite Verizon's claim that no data was externally exposed, subscribers who have had a customer service interaction between January and June of this year, might want to take appropriate measures to secure their accounts.