Verizon, one of the largest telecommunications service providers in the US, has informed the concerned authorities that the personal data of 63,206 people, mostly its employees, has been inadvertently compromised.
The company, while informing the Office of the Maine Attorney General, revealed that the breach occurred on September 21, 2023. Significantly, the data breach was detected after almost three months on December 12, 2023. Only 82 people from Maine have been impacted.
Verizon said it believes âinadvertent disclosureâ and âinsider wrongdoingâ are the key reasons for the data breach. The company is informing all the affected people about the breach.
The compromised personal information included names, addresses, Social Security Number or other national identifier (if available), gender, union affiliation (if applicable), date of birth, and compensation information, as per the sample letter shared by Verizon with the Office of Maineâs Attorney General. This sensitive personal information can be used by malicious elements to inflict financial damage on the person.
âVerizon recently discovered that an employee inappropriately handled a file containing certain personal information about some Verizon employees,â said Verizon spokesman Rich Young. âAt this point, we have no reason to believe the information was improperly used or that it was shared outside of Verizon. We are notifying the affected employees and applicable regulators about the matter. Again, we have no reason to believe there was malicious intent nor do we believe the information was shared externally. Our internal review of this matter continues.â Â
Explaining the breach, Verizonâs letter to the affected people said, âA Verizon employee obtained a file containing certain employee personal information without authorization and in violation of company policy. Promptly after learning of the issue, we conducted a review of the relevant file to determine the types of information that were impacted.â
The company has provided âcomplimentary credit monitoring and identity protection services for 24 months.â In case fraud occurs because of a data breach, affected individuals can claim up to $1 million in reimbursement for stolen funds and expenses, Verizon told the Office of the Maine Attorney General. Verizon hadnât responded to the questionnaire shared with them till the time of publishing this story.
Growing security incidents at telcos
Over the last few years, Verizon has been at the receiving end of security-related issues. In January 2023, the data of Verizonâs 7.5 million wireless customers was available on Dark Web. In addition, the personal information, including names, email addresses, and corporate ID numbers, of Verizonâs employees was compromised in a data breach incident in 2022.
âThe frequency of such breaches, even at organizations equipped with the most sophisticated data-privacy-and-security mechanisms, is a pointer to the lacunas that continue to exist in the defense fabrics being employed,â said Deepak Kumar, the founder analyst and chief research officer at BMNxt Business and Market Advisory.
âThis particular incidence, in which, as Verizon has indicated, no rogue actor was involved, nevertheless shows that there is a lack of coherence between the policies, people, and the processes in action. It also shows that while we continue to discuss a lot about models such as zero-trust data security, there obviously are ways to transgress such models,â added Kumar.
As per Verizonâs 2023 Data Breach Investigations Report, 74% of the breaches involved human elements, which may include social engineering attacks, errors, or misuse. The telecom service providers are a regular target of threat actors because it has vast amounts of sensitive and personal data of the consumers. Last year, T-Mobile experienced incidents of data breaches.