byGagandeep Kaur
News
07 Feb 20244 mins
Data Breach
The compromised personal information includes names, addresses, Social Security Number or other national identifier, gender, union affiliation, date of birth, and compensation information.
Credit: Przemek Klos / Shutterstock
Verizon, one of the largest telecommunications service providers in the US, has informed the concerned authorities that the personal data of 63,206 people, mostly its employees, has been inadvertently compromised.
The company, while informing the Office of the Maine Attorney General, revealed that the breach occurred on September 21, 2023. Significantly, the data breach was detected after almost three months on December 12, 2023. Only 82 people from Maine have been impacted.
Verizon said it believes “inadvertent disclosure” and “insider wrongdoing” are the key reasons for the data breach. The company is informing all the affected people about the breach.
The compromised personal information included names, addresses, Social Security Number or other national identifier (if available), gender, union affiliation (if applicable), date of birth, and compensation information, as per the sample letter shared by Verizon with the Office of Maine’s Attorney General. This sensitive personal information can be used by malicious elements to inflict financial damage on the person.
“Verizon recently discovered that an employee inappropriately handled a file containing certain personal information about some Verizon employees,” said Verizonspokesman Rich Young. “At this point, we have no reason to believe the information was improperly used or that it was shared outside of Verizon. We are notifying the affected employees and applicable regulators about the matter. Again, we have no reason to believe there wasmaliciousintentnor do we believetheinformation was shared externally. Our internal review of this matter continues.”
Explaining the breach, Verizon’s letter to the affected people said, “A Verizon employee obtained a file containing certain employee personal information without authorization and in violation of company policy. Promptly after learning of the issue, we conducted a review of the relevant file to determine the types of information that were impacted.”
The company has provided “complimentary credit monitoring and identity protection services for 24 months.” In case fraud occurs because of a data breach, affected individuals can claim up to $1 million in reimbursem*nt for stolen funds and expenses, Verizon told the Office of the Maine Attorney General. Verizon hadn’t responded to the questionnaire shared with them till the time of publishing this story.
Growing security incidents at telcos
Over the last few years, Verizon has been at the receiving end of security-related issues. In January 2023, the data of Verizon’s 7.5 million wireless customers was available on Dark Web. In addition, the personal information, including names, email addresses, and corporate ID numbers, of Verizon’s employees was compromised in a data breach incident in 2022.
“The frequency of such breaches, even at organizations equipped with the most sophisticated data-privacy-and-security mechanisms, is a pointer to the lacunas that continue to exist in the defense fabrics being employed,” said Deepak Kumar, the founder analyst and chief research officer at BMNxt Business and Market Advisory.
“This particular incidence, in which, as Verizon has indicated, no rogue actor was involved, nevertheless shows that there is a lack of coherence between the policies, people, and the processes in action. It also shows that while we continue to discuss a lot about models such as zero-trust data security, there obviously are ways to transgress such models,” added Kumar.
As per Verizon’s 2023 Data Breach Investigations Report, 74% of the breaches involved human elements, which may include social engineering attacks, errors, or misuse. The telecom service providers are a regular target of threat actors because it has vast amounts of sensitive and personal data of the consumers. Last year, T-Mobile experienced incidents of data breaches.
Related content
- newsFortinet confirms breach that likely leaked 440GB of customer data The cybersecurity company said a threat actor had unauthorized access to files on a third-party cloud-shared drive.By Shweta Sharma13 Sep 20243 minsData BreachRansomware
- newsTransport for London continues to struggle with cyber attack TfL reports that customer data was accessed, as it struggles with the consequences of a cyberattack that hit it over a week ago.By Julia Mutzbauer12 Sep 20242 minsData BreachTransportation and Logistics IndustryCyberattacks
- analysisThe 18 biggest data breaches of the 21st century Data breaches affecting millions of users are far too common. Here are some of the biggest, baddest breaches in recent memory.By Michael Hill, Dan Swinhoe and John Leyden12 Sep 202418 minsData BreachPhishingRSA Conference
- newsAvis reports data breach affecting 300,000 customers Rental car company Avis detected unauthorized access to a business applications in August. ‘Insider wrongdoing’ may have played a role.By Florian Maier10 Sep 20242 minsData Breach
- PODCASTS
- VIDEOS
- RESOURCES
- EVENTS
SUBSCRIBE TO OUR NEWSLETTER
From our editors straight to your inbox
Get started by entering your email address below.
