As Verizon published its “Verizon Data Breach Investigations Report” this year, it too was recently involved in a data breach resulting in the theft and resale of enterprise customer data.
Here are some of the interesting details: On an underground cybercrime forum, a thread was posted advertising the sale of a database that contains the contact information on approximately 1.5 million customers. The database information was available for purchase at the bargain price of $100,000 but chunks of 100,000 records were also for sale at $10,000 apiece. In addition, information about security vulnerabilities in Verizon’s Web site were also up for purchase.
Verizon Enterprise had identified a security flaw in its site which resulted in hackers being able to steal customer contact information. Verizon Enterprise is in the process of alerting affected customers.
While we may treat this event passively (it’s not like it’s the first time something like this has happened), it is important to remember the collateral damage it has the potential to cause. The names, emails, and numbers of many enterprise users were compromised. Information like that can be used to spear phish high profile people within the company. While this all may seem like déjà-vu, it’s certainly a real threat moving forward and the effects of it will most likely be seen months down the road.