Verizon Communications said an attacker had exploited a security vulnerability on its enterprise client portal to steal contact information of a number of customers.
The company said the attacker however did not gain access to Customer Proprietary Network Information (CPNI) or other data.
CPNI is the information that telephone companies collect including the time, date, duration and destination number of each call and the type of network a consumer subscribes to.
Krebs On Security, which first broke the news of the breach, said a member of a underground cybercrime forum had posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.
The seller priced the entire package at $100,000, but offered to sell it off in parts of 100,000 records for $10,000 apiece, Krebs added.
The vulnerability, which was investigated and fixed, did not leak any data on consumer customers, Verizon said in a statement on Thursday.
The company is currently notifying customers impacted by the breach.