Another remarkable incident in the telecommunications industry this week, as the US mobile colossus, Verizon, reported a significant data breach. A staggering number, 63,206 to be specific, all of which are primarily the company’s workforce, had their sensitive data compromised. Approximately half of the company’s total staff base of 117,000 fell victim to this security breach.
Strikingly, this breach rootbacks to September 21 of the previous year, yet, it remained undetected until December 12, nearly a quarter-year later. The reasons that led to this event remain under wraps, however, Verizon pointed towards “inadvertent disclosure” and “insider wrongdoing” as possible culprits of the data breach.
The kind of data swept away in the attack is quite comprehensive, including personal identifiers such as employees’ names, residential addresses, Social Security Number or any other national identifiers when present. Additional data like gender, union affiliations where applicable, date of birth, and even compensation-related information were also part of the breach. Interestingly, Verizon observes that none of this data seems to have been disclosed to external entities.
Speaking about the incident, Verizon acknowledged, “[On Sept. 21], a Verizon employee obtained a file containing certain employee personal information without authorization and in violation of company policy.” Further shedding light on this severe issue, a Verizon representative disclosed, “Promptly after learning of the issue [on Dec. 12], we conducted a review. […] At this time, we have no evidence that this information has been misused or shared outside of Verizon as a result of this issue.”
Actions are in play for diagnosing the precise cause behind the security breach while efforts to bolster in-house security systems have been intensified. In addition to these measures, Verizon has initiated a two-year identity theft protection regime and credit monitoring service, and the specifics of this have been forwarded to the impacted personnel.