[ISN] Verizon gaffe lets customer details slip

From: InfoSec News (alerts@private)
Date: Sun Aug 27 2006 - 22:03:32 PDT


http://news.com.com/Verizon+gaffe+lets+customer+details+slip/2100-1029_3-6109883.html

By Joris Evers
Staff Writer, CNET News.com
August 25, 2006

Verizon Wireless this week accidentally distributed a file with limited 
details on more than 5,000 customers outside the company, potentially 
giving identity thieves a toehold.

The Microsoft Excel spreadsheet file was e-mailed on Monday and includes 
names, e-mail addresses, cell phone numbers and cell phone models of 
5,210 Verizon Wireless customers, going by a copy of the file obtained 
by CNET News.com. All of the customers have Motorola Razr phones, 
according to the spreadsheet.

The spreadsheet was inadvertently sent to about 1,800 people, all 
Verizon Wireless subscribers, according to a follow-up e-mail 
apologizing for the gaffe that the mobile carrier sent on Thursday. The 
Excel file was attached to an ad for a Bluetooth wireless headset, 
instead of the electronic order form that was supposed to be sent.

"Verizon Wireless takes the security, confidentiality and integrity of 
your personal information very seriously, and we deeply regret this 
error," the company said in the Thursday e-mail. It said that it has 
already implemented additional quality control procedures and process 
improvements to prevent a re-occurrence.

A Verizon Wireless representative confirmed the incident, but could not 
immediately provide specific details when reached Friday afternoon.

The information in the document is limited and does not immediately 
expose those listed to fraud, the company said in its apology. Yet it 
recommends that people affected review their bills more carefully and 
add a password to their account by calling 1-866-861-5096.

While the privacy breach in no way makes identity theft automatic, it 
helps put a clever fraudster in the starting blocks, said James Van 
Dyke, the principal analyst at Javelin Strategy & Research in 
Pleasanton, Calif., which tracks identity fraud.

"To commit ID fraud, you must do several things well. This just makes 
the job slightly easier," he said. For example, with this list in hand, 
a fraudster could call the listed numbers, pretend to be a Verizon 
Wireless representative and ask the subscriber for information to update 
the account.

One Verizon Wireless customer whose details were included in the file 
said he was upset about the flap. "Someone just got incredibly careless 
sending out a sales e-mail," said Frank Donley of Fresno, Calif. "With 
all the privacy incidents you read about recently, I should feel 
relieved that my credit card number, Social Security number or some 
other secure info wasn't released."


_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/



This archive was generated by hypermail 2.1.3 : Sun Aug 27 2006 - 22:14:22 PDT