Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







Verizon’s Insider Data Breach Impact 63000+ Employees

What Happened

In February 2024, Verizon disclosed an insider data breach affecting over 63,000 employees. Discovered in December 2023, the breach occurred in September 2023 when a Verizon employee accessed sensitive information without authorization.

The compromised data includes names, addresses, Social Security numbers, gender, union affiliations, dates of birth, and compensation details.

Verizon characterizes the breach as an “inadvertent disclosure,” indicating no malicious intent.

Verizon’s Response

Verizon has initiated measures to enhance its internal security protocols and is notifying affected employees.

Additionally, the company is providing free identity protection and credit monitoring services to impacted individuals. The telecom giant has informed relevant regulators about the incident and is conducting an internal review to prevent future occurrences.

Currently, there is no evidence of this information being misused or shared outside of Verizon as a result of this issue, according to the Verizon data breach notification.

In line with this, Verizon has not referred the matter to law enforcement, indicating no detected malicious intent.

Insider Threat

Insider threats, whether unintentional or deliberate, pose significant risks to data security. Therefore, it is necessary to implement tailored mitigation programs to address these risks.

Nearly 35% of unauthorized access incidents in 2022 were attributed to insider actions.

Additionally, according to IBM’s “Cost of a Data Breach Report 2023,” attacks initiated by malicious insiders were the most expensive breach type among all initial attack vectors. On average, these breaches cost USD 4.90 million, whereas the average cost per data breach is USD 4.45 million. While they occur relatively rarely at only 6% of occurrences, their cost impact is significant.

Cultivating a culture of prevention and reporting is essential to mitigate the risks associated with insider threats.

Closing Comments

This incident emphasizes the significance of implementing an effective access control mechanism and processes that are based on clearly defined employee roles and responsibilities.

This is particularly critical for large organizations with complex structures and a multitude of systems containing various types of information. One commonly overlooked task is revoking unnecessary access when employees change roles.

In conclusion, it is crucial to establish, maintain, and adhere to well-defined access control processes, along with implementing access control systems.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.