Verizon, one of the largest telecommunication giants in the United States, finds itself embroiled in yet another data breach saga, affecting approximately 63,000 of its employees. The Verizon data breach, which occurred in September 2023, remained undetected for three months, casting a shadow on the telecom giant’s security measures.
In a formal notice submitted to the Maine attorney general’s office, Verizon attributed the Verizon data breach to an insider threat, characterizing it as an “inadvertent disclosure” rather than a malicious act.
Upon inquiry, Rich Young, a spokesman for Verizon, informed The Cyber Express that Verizon had recently become aware of an incident where an employee mishandled a file containing the personal information of certain Verizon employees.
“Verizon recently discovered that an employee inappropriately handled a file containing certain personal information about some Verizon employees. At this point, we have no reason to believe the information was improperly used or that it was shared outside of Verizon. We are notifying the affected employees and applicable regulators about the matter. Again, we have no reason to believe there was malicious intent nor do we believe the information was shared externally. Our internal review of this matter continues,” told Young to TCE.
Verizon Data Breach: What All Was Compromised?
The compromised Verizon data, akin to a treasure trove for potential phishing attacks, encompasses a wide array of sensitive information including names, addresses, Social Security numbers, gender, union affiliations, dates of birth, and compensation details.
According to a sample letter addressed to the victims and filed with the Maine attorney general’s office, the Verizon data breach unfolded when a company employee illicitly accessed a file containing personal employee information, in clear violation of company policies.
Despite the data breach being discovered on December 12, the telecom giant assured that there is currently no evidence of the compromised data being misused or disseminated beyond Verizon’s confines.
Nevertheless, this data breach marks Verizon’s third data security incident within a year, stressing a disturbing trend in the company’s vulnerability to cyber threats.
A Troubling Pattern: Verizon’s History of Breaches
Earlier in January 2023, 7.5 million wireless customers fell victim to a breach when their data surfaced for sale on the Dark Web, with Verizon attributing the incident to a third-party provider.
Before this, in May 2022, the personal information of Verizon employees, including full names, email addresses, corporate ID numbers, and phone numbers, was compromised in another breach. The data was disclosed to the press by a hacker who had obtained it.
The specter of cybersecurity breaches has haunted Verizon for years, with a notable incident in 2017 when the personal data of 6 million customers was leaked online.
The breach was attributed to a misconfigured security setting on a cloud server, resulting from human error. NICE Systems, an Israel-based company collaborating with Verizon for customer service operations, inadvertently exposed customer phone numbers, names, and some PIN codes, leading to widespread security concerns.
This latest breach is particularly worrisome as it highlights the persistent challenges faced by telecom providers in safeguarding sensitive information. The telecom sector has increasingly become a prime target for cyberattacks, posing significant threats to both companies and consumers alike.
In response to the data breach, Verizon has announced plans to review and enhance its technical controls to prevent similar incidents in the future.
As cyber threats continue to evolve in complexity and frequency, it is imperative for organizations, especially those handling sensitive data, to prioritize security at every level to safeguard against potential breaches and protect the privacy and trust of their customers and employees alike.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
