Verizon’s division that helps Fortune 500 companies respond to data breaches, has suffered a data breach of its own.
Customer contact information supposedly stolen from Verizon’s enterprise unit appeared online earlier this week, reports Brian Krebs, an independent cybersecurity journalist. He happened upon the cache while trawling the web.
During his search, Krebs noticed that “a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise,” as he writes on his site, KrebsOnSecurity.
Get Data Sheet, Fortune’s technology newsletter.
Whoever posted the notice set the total price at $100,000—or alternatively at $10,000 per batch of 100,000 records, Krebs reports. The seller also offered up information about vulnerabilities affecting the company’s website for money.
Verizon (vz) confirmed the incident to Fortune, but not say whether the numbers reported by Krebs are accurate.
“Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal,” a spokesperson told Fortune in an email. “Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.”
For more on Verizon, watch:
The note from the carrier claimed that “no customer proprietary network information (CPNI) or other data was accessed or accessible,” and that consumer data was unaffected. The company said that it was currently in the process of notifying customers.
Verizon Enterprise Solutions is known for producing a widely read data breach investigations report based on information from the hundreds of digital clean ups it coordinates each year. The unit’s parent apparently explored selling off the business, worth as much as $10 billion, in the fall of last year.