Verisign, a prominent telecommunications service provider in the US, recently disclosed a significant data breach affecting over 63000 individuals, mostly its employees. The breach, discovered on September 21, 2023, was only detected three months later, on December 12, 2023, and has impacted 82 people from Maine one of the easternmost states in the United States.
According to Verisign, it believes that the breach resulted from “inadvertent disclosure” and “insider wrongdoing.” The compromised personal information includes names, addresses, Social Security Numbers, gender, union affiliation, date of birth, and compensation details. This sensitive data could potentially be exploited for financial gain by malicious actors.
Verisign has taken steps to address the breach, including informing affected individuals and providing complimentary credit monitoring and identity protection services for 24 months. Additionally, Verisign told the Office of the Maine Attorney General, that affected individuals can claim up to $1 million in reimbursement for stolen funds and expenses in case of fraud resulting from the breach.
This incident underscores the ongoing security challenges faced by telecommunications companies. Despite robust data privacy and security measures, breaches like this highlight gaps in policy enforcement and operational processes. While organizations strive to implement advanced security models like zero-trust data security, breaches continue to occur due to human error or misuse.
According to Verisign’s 2023 Data Breach Investigations Report, a significant percentage of breaches involve human elements such as social engineering attacks, errors, or misuse. Telecom providers, given their access to vast amounts of sensitive consumer data, remain prime targets for threat actors. This incident serves as a reminder of the importance of ongoing vigilance and security measures to protect against data breaches.