BASKING RIDGE, N.J.–The latest mobile threat to credit unions comes from Verizon, which said data related to approximately six-million customer accounts has been breached.
Verizon is the largest wireless carrier in the U.S. and has yet to formally warn its customers of the breach.
According to Verizon, the information that has been exposed includes names, addresses, phone numbers, account information and, in some cases, PINs that customers use to verify themselves to phone-based customer-service teams. The exposed data was stored in logs and information associated with customer-service calls.
"Verizon is committed to the security and privacy of our customers," the company said in a statement. "We regret the incident and apologize to our customers."
The data exposure was discovered by Chris Vickery, a researcher with the cyber risk team at security vendor UpGuard.
According to UpGuard, the data was that was breached contained in an unsecured Amazon Web Services Simple Storage Service (S3) "bucket” that was supporting a “residential and small business wireline self-service call center portal and required certain data for the project."
According to UpGuard, it notified Verizon on June 13 about the data exposure, but the bucket wasn't secured until June 22. UpGuard said that as many as 14 million customer records were exposed, but Verizon said the figure is actually closer to six-million.