Verizon Employee Data Exposed in Insider Threat Incident

Tens of thousands of workers are effected by a fellow employee dipping into files that include everything from SSNs and names to union status and compensation data.

silhouetted people against red verizon logo backdrop
Source: Verizon

About 63,000 Verizon employees have been affected by a breach that occurred in September 2023 but which wasn't discovered for three months.

In a notice to the Maine attorney general's office, the telecom giant noted that the breach was caused by an insider threat but that it was an "inadvertent disclosure" rather than a malicious one.

The exposed information includes names, addresses, Social Security numbers, gender, union affiliations, dates of birth, and compensation information — basically a phisher's social engineering giftbox.

"[On Sept. 21], a Verizon employee obtained a file containing certain employee personal information without authorization and in violation of company policy," according to a sample letter to victims filed with the Maine attorney general's office. "Promptly after learning of the issue [on Dec. 12], we conducted a review. … At this time, we have no evidence that this information has been misused or shared outside of Verizon as a result of this issue."

Verizon — which offers consumer wireless, home Internet, IT consulting, business communications, cybersecurity offerings, and much more — offered the following statement in response to Dark Reading's request for more details on the breach: "Verizon recently discovered that an employee inappropriately handled a file containing certain personal information about some Verizon employees.  At this point, we have no reason to believe the information was improperly used or that it was shared outside of Verizon.  We are notifying the affected employees and applicable regulators about the matter.  Our internal review of this matter continues."

The service provider said it was reviewing its technical controls to prevent a repeat of the situation down the line, but Jim Alkove, co-founder and CEO of identity security startup Oleria and former chief trust officer at Salesforce.com, believes that it's equally important to be mindful of security mindset.

"Today’s news is a perfect example of unintended access and the need for both a cultural shift around access (aka less is best; and no, not every exec needs access to everything all the time) as well as a modernized approach to the tools themselves (we need to lean into autonomous tech)," he said in an emailed comment.

The news comes amid ongoing cyberattacks against telecom providers; it's also Verizon's second data breach incident in less than a year. Last March, 7.5 million wireless customers were affected when their information cropped up for sale on the Dark Web; the provider said a third-party provider was to blame.

About the Author

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights