Cyber Incident Victim: Verizon
Date:
Oct 2022
Location:
United States of America
Summary
Verizon prepaid customers experienced unauthorized account access where attackers exploited the last four digits of stored credit card details to conduct SIM swap attacks, enabling account takeovers and potential compromise of associated services. The telecom provider reversed unauthorized SIM changes, blocked further access, and reset security PINs for affected accounts, confirming no ongoing malicious activity or exposure of full financial data. While attackers accessed names, phone numbers, billing addresses, and service plans, Verizon implemented additional safeguards including Number Lock features to prevent future SIM porting and advised customers to update account credentials. Approximately 250 accounts were impacted, with the company emphasizing enhanced security protocols post-incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Between October 6 and October 10, 2022, unauthorized third parties accessed Verizon prepaid customer accounts by exploiting the last four digits of credit card numbers used for automatic payments. This information enabled attackers to perform SIM card changes on affected accounts, redirecting phone numbers to attacker-controlled devices. Verizon detected the activity and reversed unauthorized SIM swaps while blocking further account access. The company confirmed no ongoing malicious activity after containment. Approximately 250 prepaid accounts were impacted, though Verizon did not disclose the total number of notified customers. Account Security Codes (PINs) were reset proactively to prevent additional compromises. Attackers could not access full credit card numbers, banking details, passwords, Social Security numbers, tax IDs, or other sensitive financial information due to Verizon’s account data restrictions. Compromised accounts exposed customer names, telephone numbers, billing addresses, price plans, and service-related metadata. Verizon published a non-indexed breach notification on its website before directly alerting affected customers via undisclosed methods.
One confirmed victim reported a SIM swap on October 7, 2022—nine days before Verizon’s notification—resulting in unauthorized email and cryptocurrency account access. The attackers potentially leveraged external data breaches (e.g., Coinbase) to identify targets before exploiting Verizon’s credit card data exposure. Verizon advised customers to reset account PINs, passwords, and security questions while recommending activation of the free Number Lock feature to prevent unauthorized porting or SIM swaps. The company emphasized that Number Lock requires manual deactivation by the account holder before any carrier transfer or SIM change. This incident followed a separate 2021 breach affecting Verizon-owned Visible customer accounts. Verizon’s public statement confirmed enhanced security protocols but did not specify technical or procedural changes implemented post-breach. Customers were directed to contact Verizon through official channels for suspected unauthorized access.