The breach was seemingly caused inadvertently by a fellow staff member
This week, US mobile giant Verizon has informed authorities that the personal data of 63,206 people – primarily the company’s own employees – have been compromised by a data breach. This represents the data of roughly half of the company’s 117,000 workers.
The breach occurred on September 21 last year and was only detected on December 12, almost three months later.
While the specifics surrounding what caused the breach were not revealed, Verizon said it believed “inadvertent disclosure” and “insider wrongdoing” were the cause of the breach.
According to the operator’s report, the data compromised during the attack included employees’ names, addresses, Social Security Number or other national identifier (if available), gender, union affiliation (if applicable), date of birth, and compensation information.
However, it appears none of this data has been shared with external sources.
“[On Sept. 21], a Verizon employee obtained a file containing certain employee personal information without authorization and in violation of company policy,” explained Verizon in a sample letter to victims filed with the Maine attorney general’s office. “Promptly after learning of the issue [on Dec. 12], we conducted a review. […] At this time, we have no evidence that this information has been misused or shared outside of Verizon as a result of this issue.”
Verizon says work is ongoing to better understand the cause of the breach and to improve internal security.
The company has also implemented a two-year identity theft protection and credit monitoring service, details of which have been sent to impacted employees.
This data breach is Verizon’s second major security scandal in the past year, with 7.5 million of the company’s wireless subscribers having their data leaked on the Dark Web.
Want to keep up to date with the latest telecoms news from the US market? Join the telcos in discussion at this year’s Connected America conference live in Dallas, Texas