Cyber Incident Victim: Verizon

Date: Jan 2023

Location: United States of America

Summary

A cyber incident targeting multiple US telecommunications firms, including Verizon, resulted in the exposure of over 74 million consumer records through breaches linked to third-party vendors. Threat actors exploited vulnerabilities in vendor systems, such as insecure cloud storage and compromised software providers, leading to widespread data leaks containing sensitive customer information. The breaches facilitated risks including identity theft, financial fraud, and extortion, mirroring tactics observed in prior sector incidents. In response to the attacks, regulatory authorities proposed eliminating mandatory waiting periods for breach notifications and expanding federal agency oversight to enhance consumer protections.

Description

In early January 2023, multiple U.S. telecommunications providers, including Verizon, T-Mobile, and US Cellular, experienced significant data breaches resulting in the exposure of consumer records. Cybersecurity firm Cyble documented these incidents, attributing the attacks to threat actors exploiting vulnerabilities in third-party vendors serving the telecommunications sector. The initial breach occurred on January 5 when ransomware group CL0P leaked screenshots of identification documents from disadvantaged applicants participating in the Affordable Connectivity Program through CGM, a software provider for telecom companies. The following day, threat actor IntelBroker claimed access to 37 million AT&T customer records via an insecure third-party cloud storage repository. Cyble subsequently confirmed additional breaches impacting Verizon and other carriers, cumulatively exposing data belonging to over 74 million consumers. Researchers linked the pattern of attacks to the high internet penetration rate in the U.S., which created an expanded attack surface for ransomware groups and advanced persistent threats targeting telecommunications infrastructure.

The breaches primarily stemmed from compromised third-party vendors, managed service providers, and cloud storage systems, enabling large-scale supply chain attacks. Exposed consumer data became weaponized for identity theft, financial fraud, and extortion attempts, mirroring tactics observed in prior incidents like the Optus breach. In response to these incidents, the Federal Communications Commission proposed updated breach notification rules on January 5, 2023, seeking to eliminate the mandatory seven-day waiting period before customer alerts and expanding mandatory notifications to include the FCC, FBI, and Secret Service. FCC Chairwoman Jessica Rosenworcel emphasized the need for strengthened reporting requirements amid escalating cyberattack frequency and sophistication. Affected companies implemented reactive measures including forensic audits, partnerships with cybersecurity firms, and short-term credit monitoring services for impacted consumers. Cyble analysts noted these actions addressed immediate risks but highlighted the necessity for proactive policies such as enhanced vendor security protocols and cyber insurance adoption to mitigate future threats.
