For the last decade, Verizon Enterprise Solutions has helped countless businesses improve their digital security. In fact, the company reports it serves as many as 99 percent of the Fortune 1000, providing a variety of cloud and mobility products as well as the tools and infrastructure to keep them safe. A leader in the digital services industry, Verizon Enterprise also produces annual reports investigating recent data breaches and offering lessons to help companies avoid such compromises.
Now, however, it appears one of the world’s leaders in digital security has suffered a breach of its own. This March, a database containing 1.5 million Verizon Enterprise customer records was stolen and posted for sale on an underground cybercrime forum, according to KrebsOnSecurity. Verizon Enterprise Solutions confirmed that a “security vulnerability on [the] enterprise client portal” allowed hackers to gain access to basic contact information for the company’s enterprise customers, reported Krebs. The company says no data about consumers was involved in the breach, and that it is notifying its affected enterprise customers.
Krebs reports the seller was asking for $100,000 for the entire database, or $10,000 each for blocks of 100,000 contacts. With an asking price of just 10 cents per contact, SearchSecurity points out that each entry appears to be of little value to fraudsters, likely because it includes only basic contact information. That does not mean it’s useless, however. The data could be used as a tool to enable targeted phishing attacks against Verizon Enterprise Solution’s customers, says Vann Abernethy, field CTO at California network security company NSFOCUS.
“There are a few things that could be done, most notably, using the information in social engineering attacks – e.g., posing as a Verizon employee.” Abernethy told SearchSecurity, adding, “But since this breach is now public, the chances of this being successful are lower.”
Protect yourself from phishing
Even still, the breach serves to remind consumers that even the most advanced companies are constantly being targeted by cybercriminals, and that none are immune. While companies usually alert consumers if their information has been compromised in a breach, those warning can be too little too late if fraudsters send out phishing attempts first.
To avoid falling victim to phishing attempts yourself, keep these security tips in mind:
- Verify requests for information: Don’t reply to any emails that ask you to provide personal or account-related information. If you receive what looks to be a legitimate email from a company that may truly need your information, simply pick up the phone and give them a call, suggests the U.S. Securities and Exchange Commission. But, be sure to confirm their phone number from somewhere other than the email, as they may have included a false number.
- Don’t follow links from emails: If an email requests you take action on the company’s website, try navigating there yourself through your Internet browser. The link in the email could go to a false site designed to look like the real deal, or could even trigger dangerous malware to download to your computer.
- Secure your computer: Installing personal firewalls and security software may be able to stop malware downloads before they happen. If you make any financial transactions online, only do so over a web page marked with a padlock, as that can indicate it uses encryption to secure your transaction details, according to the SEC.
While these best practices can help you better protect your identity after a data breach, there is unfortunately no way to remove the risk of identity theft altogether. For a second set of eyes that can watch your credit files even when you can’t, consider signing up for a credit monitoring service like Identity Guard. We can alert you if we detect certain activity that may indicate fraud, and even help you dispute fraud if you become a victim. To get started, contact us today.