Verizon Employee Data Compromised
Table of Contents
- By Steven
- Published: Feb 07, 2024
- Last Updated: Feb 08, 2024
Verizon is a top-performing communications organization with clients and influence worldwide. They offer various electronic services, including physical technology, Internet services, entertainment programs, communications plans, etc. They enjoy a user base of nearly 145 million people in the US, making them the largest telecoms operator in the states. Verizon recently announced a breach in mid-September 2023; however, the event was not from an external threat actor—it came from an employee.
How Did the Leak Occur?
According to the sample impact notice published by the Maine Attorney General’s Office, the leak happened after a Verizon employee obtained a confidential file; this file held the information of 63,206 individuals within the Verizon employee systems. The offending employee accessed this file without proper authorization and against company policy. The notice does not indicate how the employee accessed the file, so whether this event occurred due to misconfigured permissions or an internal error is unclear.
What Information Was Viewed?
The investigation into the event found that the file contained data related to Verizon employees; however, it is unclear if these records belong to only current employees or if they also include former employees. The notice suggests that the exposed file includes personal information like names, addresses, Social Security Numbers, national identifiers, genders, union affiliations, birthdays, and compensation details. The exposures differ between individuals, and some victims may have compromised more information than others—as with the case of union affiliations versus non-union employees.
How Did Verizon Communications Admit to the Event?
According to the Maine Attorney General breach filing, the employee accessed the file around September 21st, 2023. Verizon was unaware of the leak until almost three months later, around December 12th. They immediately began investigations into the event. Those impacted will likely receive nuanced notices about the individual risks associated with the incident. Officials began sending impact notices around February 7th, 2024.
What Will Become of the Information?
What happens to the compromised data from this event depends on the offending employee and their ultimate motivations. If they obtained the file without knowing the data inside, they may have inadvertently accessed it without malicious intent. However, this is not always the case. Employees are as likely to release confidential information to bad actors as external threats, especially if they feel slighted by their former employer. To that end, the notice does not indicate if the employee released the data to another party or if they still retain a copy of the file. In other words, even if the file exposure was an accident, there is still a chance that those with compromised data will face consequences from the breach.
What Should Affected Parties Do in the Aftermath?
Those with data compromised in this event must consider their cybersecurity. If their data is exposed online, it could end with them facing financial or identity fraud, impersonation, or even extortion. Their only choice is to begin safeguarding their data from all access, starting with their personal and business accounts. All profiles must have unique, complex passwords and the highest level of security available—this is often multi-factor authentication. They must also scrutinize their interactions with strangers and other employees; otherwise, they may fall victim to spear phishing attacks (and subsequent credential-stuffing events). Moreover, although the notice suggests that the leak was accidental or unintentional, it nevertheless compromises its victims’ data—and they must subsequently act to protect themselves.
