Infosecurity has announced that Verizon has admitted that the data of at least six million customers was exposed online – including names, addresses, account details and account PIN numbers.
The data was exposed by a Verizon third party partner NICe Systems who didn’t limit external access to an Amazon S3 server. The leak was discovered by UpGuard, a cyber security company.
“Possession of these account PIN codes could allow scammers to successfully pose as customers in calls to Verizon, enabling them to gain access to accounts – an especially threatening prospect, given the increasing reliance upon mobile communications for purposes of two-factor authentication”, the company wrote in a blog post.
It’s always important to regularly assess external access to your organisation and customer data and limit it where possible. Certifications such as PCI-DSS ensure that a platform and solution provider follows strict processes to protect customer and transaction data from breaches, whether unintentional or malicious.
If you’d like to discuss any security or compliance concerns, contact Key IVR and we’ll assess your payment solution setup.