“With cyber attacks growing in strength and number, it’s harder to avoid becoming a victim,” according to Verizon Enterprise Security Solutions (VZ) website. Ironically, the company learned this week just how true that is after a data breach resulted in contact information for 1.5 million of its customers being put on sale on an underground cybercrime forum, as reported by KrebsOnSecurity.
According to the report, a “prominent member” of the secret forum offered the whole data set at $100,000, or chunks of 100,000 records at $10,000 each. In addition, the seller offered to sell the inside scoop about the security vulnerabilities in Verizon’s website.
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal,” the company said in an emailed statement to Brian Krebs. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible."
According to Verizon, 97 percent of Fortune 500 customers are users of Verizon Enterprise. Krebs points out that even if the contact information is limited to technical managers, the stolen data is bound to be rich with targets for phishing and other email scams.
This is bound to be a little embarrassing for a company known for assisting its customers after a data breach, with special services in forensics and investigations. Verizon even publishes an annual Data Breach Investigations Report that’s filled with interesting case studies of actual breaches, and Gartner named Verizon a leader in managed security services.