Verizon data breach contains personal data of its employees
Verizon has experienced a data breach, where the full names, email addresses, corporate ID numbers, and phone numbers of Verizon employees were compromised, according to a report from Motherboard. Verizon has also confirmed the data breach, though the company has said it will not engage with the hacker because Verizon does not believe the information is sensitive.
As to how the data breach came to light, it was as a result of the hacker reaching out to Motherboard to share the information with the publication. There is no clear indication of just how up-to-date the information is, but it does appear to contain a mix of current and previous employees.
In order to verify the contents of the dataset, Motherboard reached out to some of the phone numbers in the data. Four people confirmed that their phone number and email address were correct, and they also confirmed they currently worked at Verizon. One other confirmed they had previously worked at the company, and another dozen or so numbers had voicemails that matched the associated names in the database.
According to the hacker, the information was obtained when they were able to convince a Verizon employee to give them remote access to their corporate terminal. Apparently, this was an easy task, as the hacker simply posed as an internal support employee.
“These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support,” they told Motherboard.
By gaining access to an employee’s computer, the hacker said that they were able to gain access to the wireless carrier’s internal tool, allowing them to check out various details about employees working for the company. The hacker then created an additional tool to download the aforementioned data.
The hacker also stated that they had contacted Verizon, requesting a payment of $250,000 USD in order to keep the information contained. Verizon did confirm the attack to Motherboard when asked, stating:
“A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further. As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems.”
While it’s true that no social security numbers, passwords, or credit card information was stolen, it still has the potential to be incredibly dangerous for past and present employees at the company. They can be used to impersonate employees, harass people in the dataset, or to even conduct phishing scams.
It’s currently unknown who the hacker is.