Risk
11/24/2008
03:54 PM
50%
50%

Verizon Workers Fired In Obama Phone Account Breach

Verizon is neither confirming nor denying the firings, first reported by CNN over the weekend.

Verizon Wireless has fired an undisclosed number of employees connected with the unauthorized access of records linked to a mobile phone used by President-elect Barack Obama, CNN reported.

Quoting a source within Verizon, the cable news network said the fired workers were hired to help customers and weren't authorized to access records, unless asked by customers. The Verizon source did not say how many employees were fired.

"We now consider this matter closed," the source told CNN.

A Verizon spokesman on Monday said the company was aware of the report and "wouldn't disagree with it, but we're not confirming nor denying."

The fired employees had only limited access to customers' records, and would not have been able to read text messages or listen to voice mail, CNN reported over the weekend. An Obama spokesman had said that the president-elect no longer used the mobile phone and it had been inactive for months.

Verizon reported the breach last week. Chief executive Lowell McAdam apologized for the incident and said all employees who accessed the account had been suspended with pay.

CNN also reported that Verizon Wireless had launched a separate internal investigation to determine whether customer information "had in any way been compromised outside our company," McAdam said in an internal e-mail obtained by CNN.

The Verizon breach wasn't the first time records related to Obama had been accessed without authorization. In March, State Department officials issued an apology after three employees of a department contractor had accessed the passport files of then presidential candidates Hillary Clinton, John McCain, and Obama.

Employees breaking workplace rules and even federal law to access celebrity records isn't new. UCLA Medical Center employees, for example, snooped on the medical records of actress Farah Fawcett and singer Britney Spears.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0543
Published: 2015-07-05
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2015-0544
Published: 2015-07-05
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.

CVE-2015-4129
Published: 2015-07-05
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.

CVE-2015-0547
Published: 2015-07-04
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-0548
Published: 2015-07-04
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report