Cyber Incident Victim: Verizon
Date:
Mar 2016
Location:
United States of America
Summary
A telecommunications company's enterprise division suffered a data breach when attackers exploited a security vulnerability in its client portal, compromising basic contact information for approximately 1.5 million customers. The stolen data was advertised for sale on cybercrime forums, with options to purchase subsets or vulnerability details. While the incident did not involve proprietary network information, the exposed customer records—primarily belonging to Fortune 500 organizations—posed risks for targeted attacks due to their technical management affiliations. The company remediated the flaw and notified affected clients following its discovery.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In March 2016, Verizon Enterprise Solutions, a business-to-business unit specializing in cybersecurity services for Fortune 500 companies, confirmed a data breach involving the theft of customer contact information. The incident came to light after a member of an underground cybercrime forum advertised the sale of a database containing approximately 1.5 million customer records from Verizon Enterprise. The seller priced the complete dataset at $100,000, with options to purchase subsets of 100,000 records for $10,000 each. Additionally, the advertisement offered access to information about security vulnerabilities within Verizon's website infrastructure. Verizon acknowledged discovering and remediating a security vulnerability in its enterprise client portal that enabled unauthorized access to basic customer contact details. The company stated no customer proprietary network information (CPNI) or other sensitive data was compromised during the breach. Evidence suggested the attackers extracted data in MongoDB format, indicating potential exploitation of database vulnerabilities, though Verizon did not publicly confirm the exact intrusion method. The organization initiated customer notifications but had not disclosed the final count of affected parties or technical specifics of the breach at the time of reporting.
The breach presented significant reputational irony given Verizon Enterprise's role as a frequent responder to major corporate data breaches and publisher of the annual Data Breach Investigations Report (DBIR). The 2015 DBIR had identified organized crime groups as primary threat actors in 98% of analyzed web application attacks, characterizing such incidents as opportunistic targeting of "easy marks." The stolen contact information—particularly for technical managers at enterprise clients—created substantial phishing and targeted attack risks, given Verizon's claim that 99% of Fortune 500 companies used its services. While the compromised data appeared limited to basic contact details, the incident highlighted potential vulnerabilities in a portal used by high-value corporate clients. Verizon's public response emphasized prompt vulnerability remediation but provided no timeline for the breach’s occurrence, duration of exposure, or detailed forensic findings. The sale of vulnerability information alongside customer data suggested attackers may have conducted broader reconnaissance of Verizon’s systems beyond the contact information theft.