Verizon employee compromises personal data of 63,000 colleagues

Verizon, one of the largest telecommunications service providers in the US, has informed the concerned authorities that the personal data of 63,206 people, mostly its employees, has been inadvertently compromised.

The company, while informing the Office of the Maine Attorney General, revealed that the breach occurred on September 21, 2023. Significantly, the data breach was detected after almost three months on December 12, 2023. Only 82 people from Maine have been impacted.

Verizon said it believes “inadvertent disclosure” and “insider wrongdoing” are the key reasons for the data breach. The company is informing all the affected people about the breach.

The compromised personal information included names, addresses, Social Security Number or other national identifier (if available), gender, union affiliation (if applicable), date of birth, and compensation information, as per the sample letter shared by Verizon with the Office of Maine’s Attorney General. This sensitive personal information can be used by malicious elements to inflict financial damage on the person. 

“At this time, we have no evidence that this information has been misused or shared outside of Verizon as a result of this issue. We are working to ensure our technical controls are enhanced to help prevent this type of situation from reoccurring and are notifying applicable regulators about the matter,” said the letter informing the affected people.

Explaining the breach, Verizon’s letter to the affected people said, “A Verizon employee obtained a file containing certain employee personal information without authorization and in violation of company policy. Promptly after learning of the issue, we conducted a review of the relevant file to determine the types of information that were impacted.”

The company has provided “complimentary credit monitoring and identity protection services for 24 months.” In case fraud occurs because of a data breach, affected individuals can claim up to $1 million in reimbursement for stolen funds and expenses, Verizon told the Office of the Maine Attorney General. Verizon hadn’t responded to the questionnaire shared with them till the time of publishing this story.

Growing security incidents at telcos

Over the last few years, Verizon has been at the receiving end of security-related issues. In January 2023, the data of Verizon’s 7.5 million wireless customers was available on Dark Web. In addition, the personal information, including names, email addresses, and corporate ID numbers, of Verizon’s employees was compromised in a data breach incident in 2022.

“The frequency of such breaches, even at organizations equipped with the most sophisticated data-privacy-and-security mechanisms, is a pointer to the lacunas that continue to exist in the defense fabrics being employed,” said Deepak Kumar, the founder analyst and chief research officer at BMNxt Business and Market Advisory.

“This particular incidence, in which, as Verizon has indicated, no rogue actor was involved, nevertheless shows that there is a lack of coherence between the policies, people, and the processes in action. It also shows that while we continue to discuss a lot about models such as zero-trust data security, there obviously are ways to transgress such models,” added Kumar.

As per Verizon’s 2023 Data Breach Investigations Report, 74% of the breaches involved human elements, which may include social engineering attacks, errors, or misuse. The telecom service providers are a regular target of threat actors because it has vast amounts of sensitive and personal data of the consumers. Last year, T-Mobile experienced incidents of data breaches.

Data Breach

Go to Source