Telecommunications giant Verizon Communications is notifying more than 63,000 employees that their personal information was exposed in an internal data breach.
The company has informed the Maine Attorney General’s Office that the incident was discovered on December 12, 2023, but that it occurred on or around September 21, 2023.
“A Verizon employee obtained a file containing certain employee personal information without authorization and in violation of company policy,” the company’s notification letter to the impacted individuals reads.
Verizon’s investigation determined that the file contained names, addresses, dates of birth, Social Security numbers, other national identifiers, gender details, union affiliation, and compensation information.
Verizon says it has started improving its technical controls to prevent similar incidents and is also notifying applicable regulators.
“At this time, we have no evidence that this information has been misused or shared outside of Verizon as a result of this issue,” the company notes.
However, the impacted individuals are being offered free identity protection and credit monitoring services.
Verizon informed the Maine AGO that a total of 63,206 individuals were affected by the incident. All appear to be current employees, based on the company’s note that instructions for identity protection and credit monitoring services enrollment will be delivered to their work email addresses.
The data breach, a Verizon spokesman told SecurityWeek, was the result of an employee inappropriately handling the file containing personal information, without ill intent.
“At this point, we have no reason to believe the information was improperly used or that it was shared outside of Verizon. There is no indication of malicious intent nor do we believe the information was shared externally,” Verizon’s spokesman said.