Announcements of data breaches are generally not terribly startling these days, however, the recent announcement by Verizon Enterprise Solutions acknowledging that it had suffered a massive data breach is particularly noteworthy because Verizon Enterprise Solutions, is the unit of Verizon that assists companies when they have become victims of data breaches. OOPS! In fact, one of the things that Verizon Enterprise Solutions does every year is issue an annual data breach investigations report that is read by many. Next year, it appears the report will be including information about their own data breach, According to Verizon, they recently discovered and fixed ” a security vulnerability on our enterprise client portal.” According to Verizon, the information accessed by the hackers was limited to basic contact information for many of its customers. According to Verizon, no customer proprietary network information (CPNI) was stolen. Verizon is in the process of contacting affected customers. The stolen information is already being sold on the Dark Web, where there are found Internet sites where criminals buy and sell such information.
One might question the value to cybercriminals of the theft of basic personal information, however, that information can be quite valuable for creating spear phishing emails that lure unsuspecting victims to click on links in the emails that contain malware that may steal more valuable data from targeted companies including banking information and credit card information. A specifically tailored spear phishing email that appears to come from Verizon Enterprise Solutions directed by name to a specific person in the targeted company could be more likely to cause an unsuspecting employee of the targeted company to believe that the spear phishing email was legitimate and click on links or provide personal information that could be used for identity theft or cybercrime.
This data breach is another good example of why my motto is “trust me, you can’t trust anyone.” Regardless of how legitimate an email or text message may appear that asks you to click on a link or provide personal information, you can never be sure that such communications are legitimate. Never click on links or provide personal information in emails or text messages until you have independently confirmed that the email or text message is indeed legitimate. Remember, even paranoids have enemies.