Verizon is notifying more than 63,000 people, mostly current employees, that an insider, accidentally or otherwise, had inappropriate access to their personal data.
The privacy blunder happened in September, and the American telco giant attributed it to “inadvertent disclosure” and “insider wrongdoing” in documents submitted to the Maine Attorney General. The Pine Tree State’s strict data loss rules require security snafu disclosures, even though in this case only 82 of its residents were directly affected.
At the heart of the drama: A Verizon employee apparently obtained a file that they shouldn’t have had access to, containing personal information including: names, addresses, Social Security numbers or other national identifiers, gender, union affiliation (if applicable), dates of birth, and compensation information.
Of the 63,206 people to receive privacy breach notifications [PDF], “the vast majority of the impacted are current Verizon employees,” spokesperson Rich Young told The Register. “There are some former Verizon employees included who will be notified and offered the same [identity protection] services as current team members.”
An internal review of the error remains ongoing, though as of now it does not appear to be a rogue insider intent on selling coworker info on criminal marketplaces, we’re told.
“There is no indication of malicious intent nor do we believe the information was shared externally,” Verizon’s Young said.
When asked what, if anything, happened to the employee behind the inadvertent disclosure, Young added: “We’re not going to discuss any employee involved as these are private, personnel matters.”
In light of the snafu, Verizon tells us it is boosting its technical controls to prevent future unauthorized file access. The cellular giant is also offering affected individuals two years of free credit monitoring and identity protection services, and if fraud occurs, they can receive up to $1 million in reimbursement for stolen funds and expenses.
Verizon’s most recent security snafu happened back in October 2022 when some of its prepaid customers’ accounts were compromised by crooks attempting to hijack their phone numbers via SIM swapping methods.
“Between October 6 and October 10, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account,” the mobile network operator said at the time.
From there, the criminals attempted to transfer the victims’ phone numbers to other devices, which would allow the fraudsters to access one-time security codes and then break into the victims’ banking apps and other online accounts. ®