Risk
11/24/2008
03:54 PM
50%
50%

Verizon Workers Fired In Obama Phone Account Breach

Verizon is neither confirming nor denying the firings, first reported by CNN over the weekend.

Verizon Wireless has fired an undisclosed number of employees connected with the unauthorized access of records linked to a mobile phone used by President-elect Barack Obama, CNN reported.

Quoting a source within Verizon, the cable news network said the fired workers were hired to help customers and weren't authorized to access records, unless asked by customers. The Verizon source did not say how many employees were fired.

"We now consider this matter closed," the source told CNN.

A Verizon spokesman on Monday said the company was aware of the report and "wouldn't disagree with it, but we're not confirming nor denying."

The fired employees had only limited access to customers' records, and would not have been able to read text messages or listen to voice mail, CNN reported over the weekend. An Obama spokesman had said that the president-elect no longer used the mobile phone and it had been inactive for months.

Verizon reported the breach last week. Chief executive Lowell McAdam apologized for the incident and said all employees who accessed the account had been suspended with pay.

CNN also reported that Verizon Wireless had launched a separate internal investigation to determine whether customer information "had in any way been compromised outside our company," McAdam said in an internal e-mail obtained by CNN.

The Verizon breach wasn't the first time records related to Obama had been accessed without authorization. In March, State Department officials issued an apology after three employees of a department contractor had accessed the passport files of then presidential candidates Hillary Clinton, John McCain, and Obama.

Employees breaking workplace rules and even federal law to access celebrity records isn't new. UCLA Medical Center employees, for example, snooped on the medical records of actress Farah Fawcett and singer Britney Spears.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2208
Published: 2014-12-28
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209
Published: 2014-12-28
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386
Published: 2014-12-28
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...

CVE-2014-6228
Published: 2014-12-28
Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split ...

CVE-2014-6229
Published: 2014-12-28
The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string,...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.