Contact data on 1.5 million Verizon business customers was reportedly listed on an underground forum for $100,000
Verizon has confirmed that customer data has been stolen from its Verizon Enterprise Solutions unit, but said the theft was limited to customer contact details.
Verizon Enterprise is a business-focused group that offers a wide range services, including helping companies recover from data breaches.
The unit, now ironically suffering from a breach of its own, did not disclose how many customers were affected, but said those involved were being notified.
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company stated. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
Security journalist Brian Krebs had earlier reported that a hacker was offering to sell contact information on 1.5 million Verizon Enterprise customers for $100,000 (£71,000) or 10 chunks of 100,000 records for $10,000 each.
The data was listed for sale, along with information about security vulnerabilities in Verizon Enterprise’s website, on a cybercrime forum last week, according to Krebs, who didn’t name the forum involved.
Such data is useful for hackers looking to target specific individuals, often in order to trick them into installing malicious code on the company’s systems.
Such techniques have been successful in achieving several large-scale data breaches in recent months, leading attackers to employ them more regularly and in a broader range of countries, including the UK, IT security firm Trend Micro found in a recent study.