Verizon’s Data Breach branch, the branch responsible for helping to prevent and respond to cyber-attacks targeting client firms, has fallen victim to an outside attack and as many as 1.5 million clients may have had their information compromised as a result. Although the exact method of extraction is still unknown, it is assumed that the attackers somehow forced the Verizon MongDB server to dump its contents. Cyber journalist Brian Krebs broke the story when he discovered the information up for sale online. Krebs further reported that the seller took the stolen goods to an underground cybercrime forum, where he or she posted the information for sale at $10,000 per batch of 100,000 records or $100,000 for the entire collection.
Verizon has confirmed the breach, but did not verify the accuracy of Krebs’ report. Though the attack itself is clearly a problem, the silver lining is that Verizon now claims to have discovered the deficiency in its defense and fixed the problem. “As Verizon Enterprise is typically the one notifying the public how breaches take place, and the top security experts frequently recommend Verizon’s annual Data Breach Investigations Report, it’s extremely ironic, and unfortunately another sign of our times… that Verizon had a security vulnerability on their enterprise client portal,” Adam Levin, chairman and founder of IDT911, released in a statement to SC Magazine.