Verizon issued a statement late Wednesday in response to reports that an Amazon Web Services S3 storage bucket was improperly configured by a third-party vendor, leaving the sensitive information of roughly 14 million Verizon customers publicly accessible and downloadable.
Following is the full text of the statement, dated July 12:
Verizon responds to report: Confirms no loss or theft of customer information
As a media outlet recently reported, an employee of one of our vendors put information into a cloud storage area and incorrectly set the storage to allow external access.
We have been able to confirm that the only access to the cloud storage area by a person other than Verizon or its vendor was a researcher who brought this issue to our attention.
In other words, there has been no loss or theft of Verizon or Verizon customer information.
By way of background, the vendor was supporting an approved initiative to help us improve a residential and small business wireline self-service call center portal and required certain data for the project.
The overwhelming majority of information in the data set had no external value, although there was a limited amount of personal information included, and in particular, there were no Social Security numbers or Verizon voice recordings in the cloud storage area.
To further clarify, the data supports a wireline portal and only includes a limited number of cell phone numbers for customer contact purposes.
In addition, to the extent PINs were included in the data set, the PINs are used to authenticate a customer calling our wireline call center, but do not provide online access to customer accounts.
Finally, the number of subscriber accounts included in the media report is overstated.
The actual number is approximately 6 million unique customers.
Verizon is committed to the security and privacy of our customers.
We regret the incident and apologize to our customers.