Voicemail recordings and over 200,000 transcripts were among the exposed records which included sensitive information such as phone numbers, medical conditions, and insurance policies.
The data leak was discovered by Security researcher Bob Diachenko and Comparitech on October 1st. Diachenko promptly told Broadvoice of their finding which lead to the data being secured the next day. But for four days, sensitive information was left unattended where criminals could obtain critical information about Broadvoice’s customers that they could turn around and use nefariously.
In the same press release, Broadvoice CEO Jim Murphy stated, “At this point, we have no reason to believe that there has been any misuse of the data.” He noted that the authorities have been informed and they will be investigating the matter.
When asked for comment, Comparitech explained, “The leaked database represents a wealth of information that could help facilitate targeted phishing attacks. In the hands of fraudsters, it would offer a ripe opportunity to dupe Broadvoice clients and their customers out of additional information and possibly into handing over money.” The pro-consumer website based in the United Kingdom noted that a hacker could use the information found in the exposed database to coheres customers into thinking that they work for the company – convincing them to hand over their login credentials or other sensitive data. This form of hacking is also known as a phishing attack.
According to Privacy Rights Clearinghouse, there have been over 9,000 data breaches between 2005 and 2018 with an average breach costing roughly $4 million dollars. While many organizations invest in secure technology to keep their data safe, data breaches are becoming all the more common as hackers become more advanced. In fact, according to Cybersecurity Ventures, the cost of cybercrimes will reach $6 trillion dollars by 2021. These are just some cybercrime statistics that prove companies have to be vigilant in protecting their data – which makes Broadvoice’s flub that much more alarming.
It is too early to speculate whether or not Diachenko was the only person to view those exposed records or how many of Broadvoice’s customers the mishap affected. So far Broadvoice has launched an investigation, alerted the federal law enforcement and is working with Diachenko to make sure he destroys all of the records he found. At the moment the company stated, we have no reason to believe that there has been any misuse of the data.”
The investigation is ongoing but Broadvoice has assured the public that they have hired a third-party forensic firm to analyze the data. In the press release, the company promises, “We will provide more information and updates to our customers and partners upon completion of the investigation. We cannot speculate further about this issue at this time.”