Verizon Enterprise Solutions is the latest victim of a data breach that affected more than a million of its enterprise customers, news that partners believe will have wide-ranging implications on telecom and cloud security solutions.
First reported by security journalist Brian Krebs, the breach allowed hackers to collect information on an estimated 1.5 million enterprise clients, including basic contact information.
Verizon said in the report that no customer proprietary network information or other data was accessed.
The data was found for sale on an underground cyberforum. The breach drives home the point that no company is immune to data security breaches, said Andrew Pryfogle, senior vice president of cloud transformation for Petaluma, Calif .-based Intelisys, a Verizon master agent partner. [Related: CRN Exclusive: Verizon Channel Chief Famularo Is Moving On, VP Schijns Set To Lead Carrier Channel] "If one of the leading providers of cloud security solutions in the world can itself be compromised, then anybody can be," Pryfogle said. The exact cause of the breach remains unclear, but the Basking Ridge, N.J.-based company told CRN that it had recently found and fixed a vulnerability in its enterprise client portal that a hacker used to collect basic contact information on the carrier’s enterprise clients. No consumer customers were impacted, a spokesperson for Verizon said. Verizon said that it is now notifying the affected enterprise customers.
The carrier did not respond to CRN’s question regarding whether any partners were working with the enterprise customers impacted by the breach. Verizon isn’t the only telecom company to be hit by a data breach in recent months.In October, British telecom company TalkTalk disclosed a breach that affected approximately 4 million of its customers, exposing credit card information, names, addresses and dates of birth.
TerraCom and YourTel America were also hit by breaches in 2015, although they were not as extensive. However, despite multiple recent telecom breaches, Jane Wright, senior analyst covering security at Technology Business Research, said she doesn't view the incident as a foreshadowing of more breaches in telecom providers. “I don’t see it as the beginning of a trend toward more breaches at telecom providers. Like so many other companies that hold customer information – not just telecom providers -- Verizon was a target for hackers looking to profit from reselling contact information such as names, titles and email addresses,” Wright said. Wright added that there is also likely an element of hackers looking to “outsmart” security researchers.
Verizon has established itself as both a thought leader in security with its annual Verizon Data Breach Report and making security offerings available through the channel, such as its Rapid Response Retainer that VARs and agents can use to help customers respond to vulnerabilities and breaches with assessments, forensics and professional services.
Verizon said in the report that no customer proprietary network information or other data was accessed.
The data was found for sale on an underground cyberforum. The breach drives home the point that no company is immune to data security breaches, said Andrew Pryfogle, senior vice president of cloud transformation for Petaluma, Calif .-based Intelisys, a Verizon master agent partner. [Related: CRN Exclusive: Verizon Channel Chief Famularo Is Moving On, VP Schijns Set To Lead Carrier Channel] "If one of the leading providers of cloud security solutions in the world can itself be compromised, then anybody can be," Pryfogle said. The exact cause of the breach remains unclear, but the Basking Ridge, N.J.-based company told CRN that it had recently found and fixed a vulnerability in its enterprise client portal that a hacker used to collect basic contact information on the carrier’s enterprise clients. No consumer customers were impacted, a spokesperson for Verizon said. Verizon said that it is now notifying the affected enterprise customers.
The carrier did not respond to CRN’s question regarding whether any partners were working with the enterprise customers impacted by the breach. Verizon isn’t the only telecom company to be hit by a data breach in recent months.In October, British telecom company TalkTalk disclosed a breach that affected approximately 4 million of its customers, exposing credit card information, names, addresses and dates of birth.
TerraCom and YourTel America were also hit by breaches in 2015, although they were not as extensive. However, despite multiple recent telecom breaches, Jane Wright, senior analyst covering security at Technology Business Research, said she doesn't view the incident as a foreshadowing of more breaches in telecom providers. “I don’t see it as the beginning of a trend toward more breaches at telecom providers. Like so many other companies that hold customer information – not just telecom providers -- Verizon was a target for hackers looking to profit from reselling contact information such as names, titles and email addresses,” Wright said. Wright added that there is also likely an element of hackers looking to “outsmart” security researchers.
Verizon has established itself as both a thought leader in security with its annual Verizon Data Breach Report and making security offerings available through the channel, such as its Rapid Response Retainer that VARs and agents can use to help customers respond to vulnerabilities and breaches with assessments, forensics and professional services.