Dark Mode Light Mode

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Eagle Eye & dunnhumby Collaborate
Assist Wireless exposes customer licenses, passports and Social Security numbers
Chorus.ai Launches Outcome-Based Analytics

Assist Wireless exposes customer licenses, passports and Social Security numbers

Assist Wireless LLC, a U.S. mobile virtual network operator that provides phone services to the underprivileged with government support, has suffered a data breach with customer records found exposed online.

The exposed customer data was discovered by security researcher John Wethington and first reported today by TechCrunch. Remarkably the data itself was found through a simple Google search result and included tens of thousands of customer documents, including driver licenses, passports and Social Security numbers that customers used to verify their eligibility for a free phone and plan.

Before going public, TechCrunch reached out to Access Wireless and the documents have been removed. The company had not published a breach disclosure on its website at the time of writing but did confirm the leak. It said it was the result of the third-party plugin Imagify placing backups of images in a separate folder that was not secure.

Advertisement

“Assist Wireless takes security and consumer data very seriously,” the carrier told TechCrunch. “We are hiring a third-party security firm to provide us with a thorough security audit and subsequent consultation on ensuring customer data is as safe as possible moving forward.”

Robert Prigge, chief executive officer of identity verification solutions company Jumio Corp. told SiliconANGLE that the data equips fraudsters with all the information they need to take over wireless accounts, but it doesn’t stop there.

“This information can be used to access bank accounts and combined with other information on the dark web to access social media profiles, email accounts and more,” he said. “As the exposed information was directly connected to a user’s cell phone account, fraudsters can make a strong case with Assist Wireless that the phone was lost or stolen, convincing them to activate a new SIM card connected to the legitimate user’s phone number on a phone owned by the fraudster.”

That’s worrisome, he added, because “this SIM swapping would further grant the fraudster control over the user’s accounts, allowing them to request account verification codes/links be sent to the device. Once logged in, fraudsters can easily transfer money from bank accounts, post offensive content from the user’s social media profiles, send fraudulent emails on behalf of the user and even change passwords to lock legitimate users out entirely.”


This article originally appeared in SiliconAngle.

Author

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Add a comment Add a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Post

Eagle Eye & dunnhumby Collaborate

Next Post

Chorus.ai Launches Outcome-Based Analytics

Advertisement

Subscribe to Customerland

Customer Enlightenment Delivered Directly to You.

    Get the latest insights, tips, and technologies to help you build and protect your customer estate.