The most recent Verizon data breach was reported in March 2023, when data on over 7 million Verizon customers was exposed on a hacker forum.
Below is a full timeline of the Verizon data breaches through 2023, starting with the most recent.
March 2023: Data on 7.5 Million Verizon Customers Exposed on Hacker Forum
In March 2023, records on over 7 million Verizon users were posted to Breached Forums, a popular hacker forum. The data included contract information, device information, encrypted customer IDs, and more — but it does not appear that unencrypted personal data was included in the leak.
In response, Verizon stated that the issue stemmed from an outside vendor and had been resolved in January of 2023.
October 2022: 250 Verizon Prepaid Accounts Compromised
In October 2022, Verizon contacted prepaid customers to let them know a third party accessed their accounts during an attack that took place between October 6 and October 10. In total, around 250 prepaid wireless accounts were compromised during the attack.
During the breach, the last four digits of customers’ payment card numbers were exposed. While that wouldn’t allow the cards to be used for purchases elsewhere, it did provide the hackers with enough information to gain access to more account details, including names, phone numbers, and billing addresses.
Additionally, hackers were potentially able to make unauthorized changes, such as conducting SIM swaps. That would allow another device to intercept messages or calls intended for the account holder, which could compromise additional accounts.
Verizon took steps to safeguard the impacted accounts, such as resetting PIN codes. Additionally, the wireless company provided recommendations to protect non-Verizon accounts that hackers could potentially access if a SIM swap occurred.
May 2022: Hacker Attempts to Ransom Verizon Employee Database
In May 2022, a hacker collected internal contact information and additional details on Verizon employees, including names, ID numbers, phone numbers, and email addresses. The attacker claimed to have used social engineering to gain access to internal systems and then downloaded the information. In exchange for not releasing the database, the hacker requested a payment of $250,000.
Verizon stated that they declined to engage with the hacker, claiming the information was already readily available. However, that doesn’t mean the database couldn’t cause harm, as it could allow hackers to pose as employees or provide others with mechanisms for flooding the Verizon email system with spam messages or other nefarious emails.
July 2017: Data on 6 Million Verizon Users Leaked
In July 2017, Verizon confirmed that data on 6 million Verizon users was leaked online. The company stated that a misconfiguration error on a cloud server made the information viewable to anyone. Among the exposed data were customer names, phone numbers, and account PINs.
The issue was initially discovered by UpGuard, who reported the leak to Verizon. Verizon quickly addressed the issue, ensuring the exposed data didn’t remain accessible to the public.
While the data wasn’t stolen during a hack or similar attack, the fact it was publicly accessible created a risk for the impacted customers. During the period the data was exposed, anyone could access the data and use it to pose as the associated customer. Verizon customers were encouraged to update their PINs, as that would limit the impact if an unauthorized person did access the data.
March 2016: 1.5 Million Verizon Enterprise Customers Impacted by Hack
Reports emerged in March 2016 regarding a hack that exposed the contact information of over 1.5 million Verizon Enterprise customers. The data was accessed through a security vulnerability and subsequently leaked on a cybercrime forum.
The hackers listed the customer data for sale, with prices ranging from $10,000 to $100,000. Additionally, the group offered information about security vulnerabilities relating to the Verizon website as an option for interested buyers.
The impacted Verizon Enterprise customers were notified of the issue by Verizon, and no consumer data was involved in the breach. The vulnerability – which was related to the enterprise client portal – was quickly addressed once it became known to Verizon.
November 2008: Verizon Employees Fired Over Improperly Accessing Barack Obama’s Cell Phone Records
In November 2008, reports emerged stating that Verizon fired an undisclosed number of employees after they improperly accessed the cell phone records of then-President-Elect Barack Obama. The employees in question provided customer support and weren’t authorized to access customer records unless a customer explicitly requested it.
While Obama wasn’t using that phone at the time of the firings, and the employees didn’t have access to information like the contents of text messages or voicemails, the workers involved could have potentially viewed other types of activity. For example, telephone numbers that were called or that called into the phone were potentially viewable, as well as call durations.
The device in question also wasn’t a smartphone, so there was no connected email service or similar data-related capabilities. Verizon also investigated whether information gathered by the employees was shared with others and alerted the appropriate authorities to the activity.