In an incident that is overflowing with irony, customers of Verizon Enterprise Solutions, the B2B division of the telecom giant which offers IT services to large enterprises, and which is usually tasked with responding to large data breaches, had its data stolen in a massive hacking attack earlier this week.
The attack, which managed to acquire sensitive data from about 1.5 million customers of Verizon's B2B unit, was allegedly initiated by a prominent member of an underground cybercrime forum. Considering that Verizon is currently offering its services to 97 percent of Fortune 500 companies, the risk in quite notable indeed.
"Earlier this week, a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise," security journalist Brian Krebs stated.
Seemingly adding insult to injury, the hacker responsible for the data breach has even offered the spoils of the cyberattack for a price. If the hacker does manage to sell the data, the companies compromised by the hacking incident would most likely be vulnerable to various types of cybercrime such as phishing and other specified, targeted attacks.
"The seller priced the entire package at $100,000, but also offered to sell it off in chunks of 100,000 records for $10,000 apiece. Buyers also were offered the option to purchase information about security vulnerabilities in Verizon's website," Krebs further stated.
As of this writing, Verizon has announced that the company has already begun responding to the issue. The telecom giant, however, maintained that the breach only managed to acquire basic customer data.
"Verizon recently discovered and remediated a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible," a Verizon spokesperson stated.
Though the identity of the hacker has not been identified yet, the possibility that the attacker was a member of an organized online crime group is high. In Verizon Enterprise Solution's 2015 report on data breaches, the firm concluded that the focused, structured crime groups are behind most cyberattacks that target big-name clients.
Verizon's portfolio of clients, which include America's biggest companies, definitely fit the bill for the hackers.