Scam of the day – July 14, 2017 – Verizon suffers massive data breach

It was recently disclosed that Verizon had suffered a data breach affecting anywhere from six to fourteen million of its customers.  Included in the compromised information were the names, addresses, email addresses and PINs of Verizon customers who had called Verizon customer support during the past six months.

The data breach occurred when Nice Systems, a third party vendor that handles customer service for Verizon stored the information in a misconfigured cloud storage area that allowed anyone to access it.

The most sensitive of the compromised information are the PINs.  Access to a PIN could allow a hacker to gain access to the Verizon customer’s account.  Additionally, many people use the same PIN for many accounts, which means that their other accounts are also in jeopardy.

TIPS

If you called Verizon customer support during the past six months you should immediately change your PIN and if you use the same PIN for other accounts, you should change those PINs, as well.  Additionally, if you do use the same PIN for multiple accounts, now would be a good time to make all of your PINs unique.

In addition, you should be wary of emails that appear to come from Verizon asking for personal information or requesting that you click on links because the information compromised in the data breach could be used by a hacker to fashion spear phishing emails that attempt to lure you into providing information or clicking on links that can lead to your becoming a victim of identity theft or ransomware extortion.

April 9, 2016 – Steve Weisman’s latest column for USA Today

Here is a link to Steve Weisman’s latest column for USA Today which deals with the data breach at Verizon Enterprise Solutions, which, ironically, is the unit of Verizon that helps companies deal with data breaches.  However, as indicated in the column, there is a lesson to all of us in this story.

http://www.usatoday.com/story/money/columnist/2016/04/09/lessons-latest-verizon-data-breach/82677920/

Scam of the day – March 28, 2016 – Verizon Enterprise Solutions suffers data breach

Announcements of data breaches are generally not terribly startling these days, however, the recent announcement by Verizon Enterprise Solutions acknowledging that it had suffered a massive data breach is particularly noteworthy because Verizon Enterprise Solutions, is the unit of Verizon that assists companies when they have become victims of data breaches.  OOPS!  In fact, one of the things that Verizon Enterprise Solutions does every year is issue an annual data breach investigations report that is read by many.  Next year, it appears the report will be including information about their own data breach,   According to Verizon, they recently discovered and fixed ” a security vulnerability on our enterprise client portal.”  According to Verizon,  the information accessed by the hackers was limited to basic contact information for many of its customers.  According to Verizon, no customer proprietary network information (CPNI) was stolen.   Verizon is in the process of contacting affected customers.   The stolen information is already being sold on the Dark Web, where there are found Internet sites where criminals buy and sell such information.

One might question the value  to cybercriminals of the theft of basic personal information, however, that information can be quite valuable for creating spear phishing emails that lure unsuspecting victims to click on links in the emails that contain malware that may steal more valuable data from targeted companies including banking information and credit card information.  A specifically tailored spear phishing email that appears to come from Verizon Enterprise Solutions directed by name to a specific person in the targeted company could be more likely to cause an unsuspecting employee of the targeted company to believe that the spear phishing email was legitimate and click on links or provide personal information that could be used for identity theft or cybercrime.

TIPS

This data breach is another good example of why my motto is “trust me, you can’t trust anyone.”  Regardless of how legitimate an email or text message may appear that asks you to click on a link or provide personal information, you can never be sure that such communications are legitimate.  Never click on links or provide personal information in emails or text messages until you have independently confirmed that the email or text message is indeed legitimate.  Remember, even paranoids have enemies.