Millions of Verizon customer records exposed in security lapse

ZDNet - 2017-07-12

086mCFYu

(Image: file photo) An Israeli technology company has exposed millions of Verizon customer records, ZDNet has learned. As many as 14 million records of subscribers who called the phone giant's customer services in the past six months were found on an unprotected Amazon S3 storage server controlled by an employee of Nice Systems, a Ra'anana, Israel-based company. The data was downloadable by anyone with the easy-to-guess web address. Nice, which counts 85 of the Fortune 100 as customers, plays in two main enterprise software markets: customer engagement and financial crime and compliance including tools that prevent fraud and money laundering. Nice's 2016 revenue was $1.01 billion, up from $926.9 million in the previous year. The financial services sector is Nice's biggest industry in terms of customers, with telecom companies such as Verizon a key vertical. The company has more than 25,000 customers in about 150 countries. Privacy watchdogs have linked the company to several governmentintelligence agencies, and it's known to work closely with surveillance and phone cracking firms Hacking Team and Cellebrite. In regulatory filings with the Securities and Exchange Commission, Nice noted that it can't control what customers do with its software. "Our products may also be intentionally misused or abused by clients who use our products," said Nice in its annual report. Chris Vickery, director of cyber risk research at security firm UpGuard, who found the data, privately told Verizon of the exposure shortly after it was discovered in late-June. It took over a week before the data was eventually secured. The customer records were contained in log files that were generated when Verizon customers in the last six months called customer service. These interactions are recorded, obtained, and analyzed by Nice, which says it can "realize intent, and extract and leverage insights to deliver impact in real time.