The personal information of 14 million customers of Verizon Communications Inc. has been discovered online thanks to what appears to be a security failure by a partner of the company.

The data was found on an Amazon Web Service Inc.’s S3 server controlled by an employee of Nice Systems Ltd., an Israeli firm that specializes in telephone voice recording, surveillance and, with no shortage of irony, data security as well.

According to an analysis published Wednesday by Chris Branch of the security firm UpGuard Inc., the data was exposed because of a misconfigured security setting on the server. “The data repository … appears to have been created to log customer call data,” Branch explained, before adding that the “data repository … was fully downloadable and configured to allow public access.”

Data within the repository is said to have been in the terabytes and included details including addresses, names, phone numbers account PINs and in some cases customer account balances.

The data itself related to log files that were generated by Verizon customers calling the company between January and June this year with the data being compiled to “realize intent and extract and leverage insights to deliver impact in real time.”

Verizon told ZDNet that it was investigating how the customer data had managed to find its way onto a publicly available S3 instance as part of an “ongoing project” to improve its customer service, presumably meaning making sure its customer details were not publicly available for download from the Internet.

“Verizon provided the vendor with certain data to perform this work and authorized the vendor to set up AWS storage as part of this project,” the company added. “Unfortunately, the vendor’s employee incorrectly set their AWS storage to allow external access.”

The good news is that it appears that Branch was the only person to download the data, meaning that the details in the data repository are safe from bad actors. But the case once again highlights the need to make sure internal compliance measures are in place with both companies and their partners to make sure that careless mistakes like this that potentially could cause serious damage don’t occur in the first place.

Photo: jeepersmedia/Flickr