KrebsOnSecurity was first to report on the breach, saying, “…a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise… The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece.”
While Verizon has supposedly identified the security flaw, they have not yet disclosed more information about the vulnerability, such as when it was found, when it was closed, and how the breach happened in the first place.
Dodi Glenn, vice president of cyber security at PC Pitstop says, “While the breach itself is quite large (impacting 1.5M customers), the information obtained was ‘limited’, according to Verizon, including only basic contact information. Apparently, no customer proprietary network information (CPNI) data was accessed, which is good news since contact information is considered a lot less valuable than CPNI or other confidential data. Still, however, this should be a concern for many, since the breach happened to a company that is known for helping out other companies during data breaches. Additionally, a lot of Fortune 500 companies use Verizon Enterprise Solutions – makes you wonder if some of those who purchased the data may have plans to use the information to start phishing attacks, since it contains information from companies with lots of money.”