Verizon
Company Details
Linkedin ID:
verizon
Website:
Employees number:
99,359
Number of followers:
1,444,845
NAICS:
5415
Industry Type:
Homepage:
verizon.com
IP Addresses:
0
Company ID:
VER_1131816
Scan Status:
In-progress
Verizon Company CyberSecurity Posture
verizon.com
We get you. You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. You’ll find all that here. Because we empower you. We power and empower how people live, work and play by connecting them to what brings them joy. The same is true inside our walls. We do what we love — driving innovation, creativity, and impact in the world. And wherever you go, we got your back. This is a team sport. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together— lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life.
Verizon A.I CyberSecurity Scoring
Verizon Risk Score (AI oriented)Between 700 and 749
Verizon
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Verizon Global Score (TPRM)XXXX
Verizon
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Verizon Company CyberSecurity News & History
Past Incidents
12
Attack Types
4
Verizon
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On July 20, 2017, the Montana Department of Justice reported a data breach involving Verizon. The breach occurred due to unauthorized access to payment card and reservation information through Sabre Hospitality Solutions’ system. The breach was first accessed on August 10, 2016, and the last access was recorded on March 9, 2017, affecting 2 individuals. The unauthorized access resulted in the potential compromise of sensitive customer information, posing risks to their financial and personal data.
Verizon Communications
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Vermont Office of the Attorney General reported on February 8, 2024, that Verizon Communications experienced a data breach on or around September 21, 2023. The breach involved unauthorized access to employee personal information, potentially affecting individuals' names, Social Security numbers, dates of birth, and compensation information. The number of individuals affected has not been disclosed.
Verizon
Breach
Rankiteo Explanation
Attack that could bring to a war
Description: Chinese state-sponsored hackers, identified as Salt Typhoon, penetrated Verizon's network with the intention of obtaining sensitive phone communications, including those involving Donald Trump and J.D. Vance, potentially affecting the upcoming 2024 US presidential election. The breach may have compromised metadata about communications and possibly exposed unencrypted voice or text conversations. The security incident signifies a substantial espionage threat by harvesting information that could be used for influence operations.
Verizon
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Specialists at the Kromtech Security Research Centre have uncovered a fresh Verizon breach that revealed private and delicate information on internal networks. Server logs and internal system credentials are among the many documents that have been leaked; the vast collection of papers was discovered on an unprotected Amazon S3 bucket. The archive appears to make reference to internal systems used by Verizon Wireless, called Distributed Vision Services (DVS). DVS is a middleware system that the business uses to transfer data from back-end systems to front-end applications that employees and staff in call centres and stores utilise. 129 Outlook messages with internal conversations within the Verizon Wireless domain were found in another folder, and other folders included secret internal Verizon information.
Verizon
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: A hacker obtained a database that included the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. The hackers confirmed that gained access to a Verizon internal tool that shows employee’s information, and wrote a script to query and scrape the database after convincing a Verizon employee to give them remote access to their corporate computer. The hackers demanded $250,000 as a reward for not leaking their entire employee database.
Verizon
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: KrebsOnSecurity claims that information that was exposed during a Verizon Enterprise Solutions security breach is accessible to cybercriminals. Verizon Enterprise is selling the records of 1.5 million of its customers; the full archive is being offered for $100,000, but purchasers can also purchase a bundle of 100,000 records for $10,000. Additionally, the hackers provided knowledge regarding Verizon security holes that probably made it possible to breach one of the company's systems. Representatives from Verizon Enterprise have acknowledged the website's data breach and the existence of the vulnerability that the attackers used, which has since been addressed by the company's experts. The business stated that no further data or customer-specific proprietary network information was accessed by the hackers.
Verizon
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Verizon suffered from a security breach that exposed 14 million customer accounts. A hacker obtained a database that included names, addresses, account records and account PIN numbers. The database and its terabytes of internal information were discovered without any real protection, according to cybersecurity company UpGuard, by one of its researchers.
Verizon
Cyber Attack
Rankiteo Explanation
Attack that could bring to a war
Description: Verizon's network was breached by Chinese hackers codenamed Salt Typhoon, who targeted high-profile individuals including Donald Trump and JD Vance. Officials suggest this breach could have allowed access to private communications and metadata, raising concerns about potential influence operations or espionage. Although the full extent of the data accessed is unclear, metadata alone could reveal sensitive information about the individuals' contacts and communication patterns. This incident showcases the susceptibility of telecommunications infrastructures to sophisticated cyber espionage and its potential implications on national security.
Verizon
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Vickery found a Verizon database set up for public access with no password or other form of verification. The database contains enormous amounts of data and metadata for DVR, VOD, and Fios Hydra services, as well as private Verizon encryption and authentication keys (PSKs), access tokens, and password hashes. Vickery quickly notified Verizon about the cybersecurity vulnerability after seeing the incorrectly configured database. The alert was instantly raised, but it took the corporation weeks to fix the problem. Verizon's data was offered for sale on a darknet forum for $100,000. Additionally, the crooks sold details on the firm's cybersecurity weaknesses.
Verizon
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A vulnerability was found in Verizon's Call Filter feature, permitting customers to access call logs of other Verizon users due to an unsecured API request. Discovered by Evan Connelly in February 2025, it was addressed by Verizon within a month. The issue stemmed from an API endpoint that did not verify if the phone number in the JWT payload matched the number whose call logs were retrieved, thus allowing users to view others' call histories. This security lapse presented risks particularly to high-profile individuals, with the potential to map out their daily routines and personal networks through call metadata.
Verizon
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A vulnerability in Verizon’s in Verizon’s online customer service system. The exposed information included only user IDs, phone numbers, and device names.
Verizon Business
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Verizon Enterprise Solutions, a B2B unit of the telecommunications giant suffered a data breach incident after a third party offered a database containing the contact information on some 1.5 million customers for sale. The attackers offered the entire package at $100,000, and also the information about security vulnerabilities in Verizon’s Web site that permitted them to steal customer contact information, . Verizon identified and remediated the security vulnerability and also informed the affected individuals.
Verizon Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Verizon
Incidents vs IT Services and IT Consulting Industry Average (This Year)
Verizon has 36.99% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Verizon has 28.21% more incidents than the average of all companies with at least one recorded incident.
Incident Types Verizon vs IT Services and IT Consulting Industry Avg (This Year)
Verizon reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 1 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Verizon (X = Date, Y = Severity)
Verizon cyber incidents detection timeline including parent company and subsidiaries
Verizon Company Subsidiaries
We get you. You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. You’ll find all that here. Because we empower you. We power and empower how people live, work and play by connecting them to what brings them joy. The same is true inside our walls. We do what we love — driving innovation, creativity, and impact in the world. And wherever you go, we got your back. This is a team sport. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together— lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life.
Loading...
Verizon Similar Companies
Infinite Computer Solutions
Infinite is a global leader in technology modernization, next-gen IT services and solutions, and digital engineering, with over two decades of experience helping clients turn digital transformation into business value. Leveraging an AI-first approach, we combine leading technologies, innovative plat
CenturyLink
CenturyLink (NYSE: CTL) is a technology leader delivering hybrid networking, cloud connectivity, and security solutions to customers around the world. Through its extensive global fiber network, CenturyLink provides secure and reliable services to meet the growing digital demands of businesses and c
We automate, digitize and transform the way people bank and shop. We offer proven expertise and comprehensive portfolios in cutting-edge product technology, multi-vendor software and service excellence for financial and retail customers. Consumer behavior is changing rapidly; people are empowered a
Atos
Atos Group is a global leader in digital transformation with c. 70,000 employees and annual revenue of c. € 10 billion, operating in 67 countries under two brands — Atos for services and Eviden for products. European number one in cybersecurity, cloud and high-performance computing, Atos Group is c
Insights you can act on to achieve trusted outcomes. We are insights-driven and outcomes-focused to help accelerate returns on your investments. Across 21 industry sectors and 400 locations worldwide, we provide comprehensive, scalable and sustainable IT and business consulting services that are in
At Globant, we create the digitally-native products that people love. We bridge the gap between businesses and consumers through technology and creativity, leveraging our experience as an AI powerhouse. We dare to digitally transform organizations and strive to delight their customers. - We have mo
Birlasoft
Navigating Change. Powering Progress. | Reimagining the Future with Birlasoft Birlasoft, a powerhouse where domain expertise, enterprise solutions, and digital technologies converge to redefine business processes. We take pride in our consultative and design thinking approach, driving societal pro
eClerx
eClerx is a productized services company, bringing together people, technology and domain expertise to amplify business results. Our mission is to set the benchmark for client service and success in our industry. Our vision is to be the innovation partner of choice for technology, data analytics and
Softtek
Founded in 1982 by a small group of entrepreneurs, Softtek started out in Mexico providing local IT services, and today is a global leader in next-generation digital solutions. The first company to introduce the Nearshore model, Softtek helps Global 2000 organizations build their digital capabilitie
.png)
Verizon CyberSecurity News
November 26, 2025 08:00 AM
AT&T, Verizon, And T-Mobile Customers Should Be Worried About The FCC's Ruling
The Federal Communications Commission recently voted to rescind certain cybersecurity rules, potentially putting mobile customers at greater...
November 25, 2025 08:00 AM
Verizon, AT&T, and T‑Mobile users at risk as controversial law protecting them is scrapped
USERS at major communications companies like Verizon and AT&T may be left feeling uneasy as a law protecting cybersecurity has been...
November 20, 2025 08:00 AM
FCC Scraps Cybersecurity Rules After China's Salt Typhoon Hack
Agency votes to roll back telecom security requirements despite massive breach.
October 25, 2025 07:00 AM
How AI & Human Error Drive a Surge in Mobile Cyberattacks
Verizon's 2025 MSI finds 85% see mobile attacks rise as 93% use Gen AI, but only 17% deploy AI-specific controls, leaving human error and...
October 24, 2025 07:00 AM
Verizon: AI and Human Error Fuel Mobile Security Threats
Verizon Business's Chris Novak discusses how AI and human error are creating a perfect storm of mobile security threats for businesses of...
October 23, 2025 07:00 AM
Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm
Verizon published its 2025 Mobile Security Index, which shows that 85% of organizations believe mobile device attacks are on the rise.
October 23, 2025 07:00 AM
AI-driven mobile threats & human error reshape global security
Verizon's Mobile Security Index reveals a surge in AI-driven mobile threats and human error, reshaping global organisational security risks...
October 23, 2025 07:00 AM
Verizon just called 2025 the “perfect storm” for mobile security, and your phone might be the weak link
A new Verizon report says businesses are facing a mobile threat surge – and most aren't ready for what's coming.
October 22, 2025 07:00 AM
Verizon: AI, mobile devices are brewing ‘perfect storm’ for security
Mobile devices are under attack now more than ever, according to the Verizon 2025 Mobile Security Index.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Verizon CyberSecurity History Information
Official Website of Verizon
The official website of Verizon is https://mycareer.verizon.com/.
Verizon’s AI-Generated Cybersecurity Score
According to Rankiteo, Verizon’s AI-generated cybersecurity score is 747, reflecting their Moderate security posture.
How many security badges does Verizon’ have ?
According to Rankiteo, Verizon currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Verizon have SOC 2 Type 1 certification ?
According to Rankiteo, Verizon is not certified under SOC 2 Type 1.
Does Verizon have SOC 2 Type 2 certification ?
According to Rankiteo, Verizon does not hold a SOC 2 Type 2 certification.
Does Verizon comply with GDPR ?
According to Rankiteo, Verizon is not listed as GDPR compliant.
Does Verizon have PCI DSS certification ?
According to Rankiteo, Verizon does not currently maintain PCI DSS compliance.
Does Verizon comply with HIPAA ?
According to Rankiteo, Verizon is not compliant with HIPAA regulations.
Does Verizon have ISO 27001 certification ?
According to Rankiteo,Verizon is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Verizon
Verizon operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Verizon
Verizon employs approximately 99,359 people worldwide.
Subsidiaries Owned by Verizon
Verizon presently has no subsidiaries across any sectors.
Verizon’s LinkedIn Followers
Verizon’s official LinkedIn profile has approximately 1,444,845 followers.
NAICS Classification of Verizon
Verizon is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Verizon’s Presence on Crunchbase
No, Verizon does not have a profile on Crunchbase.
Verizon’s Presence on LinkedIn
Yes, Verizon maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/verizon.
Cybersecurity Incidents Involving Verizon
As of December 19, 2025, Rankiteo reports that Verizon has experienced 12 cybersecurity incidents.
Number of Peer and Competitor Companies
Verizon has an estimated 38,020 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Verizon ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Vulnerability, Cyber Attack and Breach.
How does Verizon detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with identified and remediated the security vulnerability, and communication strategy with informed the affected individuals, and third party assistance with upguard, and containment measures with vulnerability addressed by experts, and remediation measures with addressed within a month..
Incident Details
Can you provide details on each incident ?
Title: Verizon Enterprise Solutions Data Breach
Description: Verizon Enterprise Solutions, a B2B unit of the telecommunications giant suffered a data breach incident after a third party offered a database containing the contact information on some 1.5 million customers for sale.
Type: Data Breach
Attack Vector: Exploitation of Web Vulnerabilities
Vulnerability Exploited: Security Vulnerabilities in Verizon’s Web site
Motivation: Financial Gain
Title: Verizon Online Customer Service System Vulnerability
Description: A vulnerability in Verizon’s online customer service system resulted in the exposure of user IDs, phone numbers, and device names.
Type: Data Breach
Vulnerability Exploited: Online customer service system vulnerability
Title: Verizon Employee Database Breach
Description: A hacker obtained a database that included the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. The hackers confirmed that they gained access to a Verizon internal tool that shows employee’s information, and wrote a script to query and scrape the database after convincing a Verizon employee to give them remote access to their corporate computer. The hackers demanded $250,000 as a reward for not leaking their entire employee database.
Type: Data Breach
Attack Vector: Social Engineering, Remote Access
Vulnerability Exploited: Human Factor
Threat Actor: Unspecified Hacker
Motivation: Financial Gain
Title: Verizon Security Breach
Description: Verizon suffered from a security breach that exposed 14 million customer accounts. A hacker obtained a database that included names, addresses, account records and account PIN numbers. The database and its terabytes of internal information were discovered without any real protection, according to cybersecurity company UpGuard, by one of its researchers.
Type: Data Breach
Vulnerability Exploited: Unprotected Database
Threat Actor: Unknown Hacker
Title: Verizon Data Leak
Description: Vickery found a Verizon database set up for public access with no password or other form of verification. The database contains enormous amounts of data and metadata for DVR, VOD, and Fios Hydra services, as well as private Verizon encryption and authentication keys (PSKs), access tokens, and password hashes. Vickery quickly notified Verizon about the cybersecurity vulnerability after seeing the incorrectly configured database. The alert was instantly raised, but it took the corporation weeks to fix the problem. Verizon's data was offered for sale on a darknet forum for $100,000. Additionally, the crooks sold details on the firm's cybersecurity weaknesses.
Type: Data Leak
Attack Vector: Misconfigured Database
Vulnerability Exploited: Incorrectly configured database
Motivation: Financial GainInformation Selling
Title: Verizon Enterprise Solutions Security Breach
Description: KrebsOnSecurity claims that information that was exposed during a Verizon Enterprise Solutions security breach is accessible to cybercriminals. Verizon Enterprise is selling the records of 1.5 million of its customers; the full archive is being offered for $100,000, but purchasers can also purchase a bundle of 100,000 records for $10,000. Additionally, the hackers provided knowledge regarding Verizon security holes that probably made it possible to breach one of the company's systems. Representatives from Verizon Enterprise have acknowledged the website's data breach and the existence of the vulnerability that the attackers used, which has since been addressed by the company's experts. The business stated that no further data or customer-specific proprietary network information was accessed by the hackers.
Type: Data Breach
Attack Vector: Exploiting Security Vulnerability
Vulnerability Exploited: Security holes in Verizon's systems
Threat Actor: Unknown
Motivation: Financial GainData Sale
Title: Verizon Data Breach
Description: Specialists at the Kromtech Security Research Centre have uncovered a fresh Verizon breach that revealed private and delicate information on internal networks. Server logs and internal system credentials are among the many documents that have been leaked; the vast collection of papers was discovered on an unprotected Amazon S3 bucket. The archive appears to make reference to internal systems used by Verizon Wireless, called Distributed Vision Services (DVS). DVS is a middleware system that the business uses to transfer data from back-end systems to front-end applications that employees and staff in call centres and stores utilise. 129 Outlook messages with internal conversations within the Verizon Wireless domain were found in another folder, and other folders included secret internal Verizon information.
Type: Data Breach
Attack Vector: Unprotected Amazon S3 bucket
Vulnerability Exploited: Misconfiguration
Title: Verizon Network Breach by Salt Typhoon
Description: Verizon's network was breached by Chinese hackers codenamed Salt Typhoon, who targeted high-profile individuals including Donald Trump and JD Vance. Officials suggest this breach could have allowed access to private communications and metadata, raising concerns about potential influence operations or espionage. Although the full extent of the data accessed is unclear, metadata alone could reveal sensitive information about the individuals' contacts and communication patterns. This incident showcases the susceptibility of telecommunications infrastructures to sophisticated cyber espionage and its potential implications on national security.
Type: Cyber Espionage
Threat Actor: Salt Typhoon
Motivation: Influence OperationsEspionage
Title: Chinese State-Sponsored Hackers Breach Verizon's Network
Description: Chinese state-sponsored hackers, identified as Salt Typhoon, penetrated Verizon's network with the intention of obtaining sensitive phone communications, including those involving Donald Trump and J.D. Vance, potentially affecting the upcoming 2024 US presidential election. The breach may have compromised metadata about communications and possibly exposed unencrypted voice or text conversations. The security incident signifies a substantial espionage threat by harvesting information that could be used for influence operations.
Type: Espionage
Attack Vector: Network Penetration
Threat Actor: Salt Typhoon
Motivation: Espionage, Influence Operations
Title: Verizon Call Filter Vulnerability
Description: A vulnerability was found in Verizon's Call Filter feature, permitting customers to access call logs of other Verizon users due to an unsecured API request. Discovered by Evan Connelly in February 2025, it was addressed by Verizon within a month. The issue stemmed from an API endpoint that did not verify if the phone number in the JWT payload matched the number whose call logs were retrieved, thus allowing users to view others' call histories. This security lapse presented risks particularly to high-profile individuals, with the potential to map out their daily routines and personal networks through call metadata.
Date Detected: February 2025
Date Resolved: March 2025
Type: Vulnerability Exploit
Attack Vector: Unsecured API
Vulnerability Exploited: Unverified JWT payload
Title: Data Breach Involving Verizon through Sabre Hospitality Solutions
Description: Unauthorized access to payment card and reservation information through Sabre Hospitality Solutions’ system.
Date Detected: 2017-07-20
Date Publicly Disclosed: 2017-07-20
Type: Data Breach
Attack Vector: Unauthorized Access
Title: Verizon Communications Data Breach
Description: Unauthorized access to employee personal information, potentially affecting individuals' names, Social Security numbers, dates of birth, and compensation information.
Date Detected: 2023-09-21
Date Publicly Disclosed: 2024-02-08
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Remote Access, Misconfigured Database, Security holes in Verizon's systems, Unprotected Amazon S3 bucket and Sabre Hospitality Solutions’ system.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach VER232118522
Data Compromised: Customer Contact Information
Incident : Data Breach VER12367622
Data Compromised: User ids, Phone numbers, Device names
Incident : Data Breach VER31211822
Data Compromised: Full name, Email address, Corporate id numbers, Phone number
Systems Affected: Internal Tool
Incident : Data Breach VER919291022
Data Compromised: Names, Addresses, Account records, Account pin numbers
Incident : Data Leak VER41721823
Data Compromised: Dvr data, Vod data, Fios hydra data, Encryption and authentication keys, Access tokens, Password hashes
Systems Affected: DVRVODFios Hydra
Incident : Data Breach VER1744261023
Data Compromised: 1.5 million customer records
Incident : Data Breach VER27111223
Data Compromised: Server logs, Internal system credentials, Internal conversations, Secret internal verizon information
Systems Affected: Distributed Vision Services (DVS)Verizon Wireless domain
Incident : Cyber Espionage VER000102624
Data Compromised: Private communications, Metadata
Incident : Espionage VER000102724
Data Compromised: Metadata about communications, Unencrypted voice or text conversations
Incident : Vulnerability Exploit VER203040225
Data Compromised: Call logs, Call histories
Systems Affected: Call Filter feature
Incident : Data Breach VER242071625
Data Compromised: Payment card information, Reservation information
Systems Affected: Sabre Hospitality Solutions’ system
Payment Information Risk: True
Incident : Data Breach VER948072625
Data Compromised: Names, Social security numbers, Dates of birth, Compensation information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Contact Information, User Ids, Phone Numbers, Device Names, , Full Name, Email Address, Corporate Id Numbers, Phone Number, , Names, Addresses, Account Records, Account Pin Numbers, , Dvr Data, Vod Data, Fios Hydra Data, Encryption And Authentication Keys, Access Tokens, Password Hashes, , Customer Records, Server Logs, Internal System Credentials, Internal Conversations, Secret Internal Verizon Information, , Private Communications, Metadata, , Metadata About Communications, Unencrypted Voice Or Text Conversations, , Call Logs, Call Histories, , Payment Card Information, Reservation Information, , Names, Social Security Numbers, Dates Of Birth, Compensation Information and .
Which entities were affected by each incident ?
Incident : Data Breach VER232118522
Entity Name: Verizon Enterprise Solutions
Entity Type: B2B Unit
Industry: Telecommunications
Customers Affected: 1500000
Incident : Data Breach VER12367622
Entity Name: Verizon
Entity Type: Company
Industry: Telecommunications
Incident : Data Breach VER31211822
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Data Breach VER919291022
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Customers Affected: 14 million
Incident : Data Leak VER41721823
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Data Breach VER1744261023
Entity Name: Verizon Enterprise Solutions
Entity Type: Telecommunications
Industry: Telecommunications
Customers Affected: 1.5 million
Incident : Data Breach VER27111223
Entity Name: Verizon
Entity Type: Corporation
Industry: Telecommunications
Incident : Cyber Espionage VER000102624
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Espionage VER000102724
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Vulnerability Exploit VER203040225
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Data Breach VER242071625
Entity Name: Verizon
Entity Type: Corporation
Industry: Telecommunications
Location: United States
Customers Affected: 2
Incident : Data Breach VER948072625
Entity Name: Verizon Communications
Entity Type: Company
Industry: Telecommunications
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach VER232118522
Remediation Measures: Identified and remediated the security vulnerability
Communication Strategy: Informed the affected individuals
Incident : Data Breach VER919291022
Third Party Assistance: Upguard.
Incident : Data Breach VER1744261023
Containment Measures: Vulnerability addressed by experts
Incident : Vulnerability Exploit VER203040225
Remediation Measures: Addressed within a month
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through UpGuard, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach VER232118522
Type of Data Compromised: Contact Information
Number of Records Exposed: 1500000
Incident : Data Breach VER12367622
Type of Data Compromised: User ids, Phone numbers, Device names
Incident : Data Breach VER31211822
Type of Data Compromised: Full name, Email address, Corporate id numbers, Phone number
Number of Records Exposed: Hundreds
Sensitivity of Data: High
Incident : Data Breach VER919291022
Type of Data Compromised: Names, Addresses, Account records, Account pin numbers
Number of Records Exposed: 14 million
Personally Identifiable Information: NamesAddresses
Incident : Data Leak VER41721823
Type of Data Compromised: Dvr data, Vod data, Fios hydra data, Encryption and authentication keys, Access tokens, Password hashes
Sensitivity of Data: High
Incident : Data Breach VER1744261023
Type of Data Compromised: Customer Records
Number of Records Exposed: 1.5 million
Incident : Data Breach VER27111223
Type of Data Compromised: Server logs, Internal system credentials, Internal conversations, Secret internal verizon information
Sensitivity of Data: High
Incident : Cyber Espionage VER000102624
Type of Data Compromised: Private communications, Metadata
Sensitivity of Data: High
Incident : Espionage VER000102724
Type of Data Compromised: Metadata about communications, Unencrypted voice or text conversations
Sensitivity of Data: High
Incident : Vulnerability Exploit VER203040225
Type of Data Compromised: Call logs, Call histories
Sensitivity of Data: High
Incident : Data Breach VER242071625
Type of Data Compromised: Payment card information, Reservation information
Number of Records Exposed: 2
Sensitivity of Data: High
Incident : Data Breach VER948072625
Type of Data Compromised: Names, Social security numbers, Dates of birth, Compensation information
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Identified and remediated the security vulnerability, Addressed within a month, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by vulnerability addressed by experts.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach VER31211822
Ransom Demanded: $250,000
References
Where can I find more information about each incident ?
Incident : Data Breach VER919291022
Source: UpGuard
Incident : Data Breach VER1744261023
Source: KrebsOnSecurity
Incident : Data Breach VER27111223
Source: Kromtech Security Research Centre
Incident : Data Breach VER948072625
Source: Vermont Office of the Attorney General
Date Accessed: 2024-02-08
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: UpGuard, and Source: KrebsOnSecurity, and Source: Kromtech Security Research Centre, and Source: Montana Department of JusticeDate Accessed: 2017-07-20, and Source: Vermont Office of the Attorney GeneralDate Accessed: 2024-02-08.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Informed the affected individuals.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach VER31211822
Entry Point: Remote Access
Incident : Data Leak VER41721823
Entry Point: Misconfigured Database
Incident : Data Breach VER1744261023
Entry Point: Security holes in Verizon's systems
Incident : Data Breach VER27111223
Entry Point: Unprotected Amazon S3 bucket
Incident : Cyber Espionage VER000102624
High Value Targets: Donald Trump, Jd Vance,
Data Sold on Dark Web: Donald Trump, Jd Vance,
Incident : Espionage VER000102724
High Value Targets: Donald Trump, J.D. Vance,
Data Sold on Dark Web: Donald Trump, J.D. Vance,
Incident : Vulnerability Exploit VER203040225
High Value Targets: High-Profile Individuals,
Data Sold on Dark Web: High-Profile Individuals,
Incident : Data Breach VER242071625
Entry Point: Sabre Hospitality Solutions’ system
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach VER232118522
Root Causes: Security Vulnerabilities in Verizon’s Web site
Corrective Actions: Identified and remediated the security vulnerability
Incident : Data Breach VER31211822
Root Causes: Social Engineering, Lack of Employee Awareness
Incident : Data Leak VER41721823
Root Causes: Incorrectly configured database
Incident : Data Breach VER1744261023
Root Causes: Security holes in Verizon's systems
Corrective Actions: Vulnerability addressed by experts
Incident : Data Breach VER27111223
Root Causes: Misconfiguration
Incident : Vulnerability Exploit VER203040225
Root Causes: Unverified Jwt Payload,
Corrective Actions: Addressed Within A Month,
Incident : Data Breach VER242071625
Root Causes: Unauthorized access to Sabre Hospitality Solutions’ system
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Upguard, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Identified and remediated the security vulnerability, Vulnerability addressed by experts, Addressed Within A Month, .
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was $250,000.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unspecified Hacker, Unknown Hacker, Unknown, Salt Typhoon and Salt Typhoon.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on February 2025.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-02-08.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on March 2025.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer Contact Information, user IDs, phone numbers, device names, , Full Name, Email Address, Corporate ID Numbers, Phone Number, , Names, Addresses, Account Records, Account PIN Numbers, , DVR data, VOD data, Fios Hydra data, Encryption and authentication keys, Access tokens, Password hashes, , 1.5 million customer records, Server logs, Internal system credentials, Internal conversations, Secret internal Verizon information, , Private Communications, Metadata, , Metadata about communications, Unencrypted voice or text conversations, , Call logs, Call histories, , payment card information, reservation information, , names, Social Security numbers, dates of birth, compensation information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Internal Tool and DVRVODFios Hydra and Distributed Vision Services (DVS)Verizon Wireless domain and Call Filter feature and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was upguard, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Vulnerability addressed by experts.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, DVR data, Internal system credentials, Names, device names, reservation information, Full Name, Encryption and authentication keys, Private Communications, Fios Hydra data, Server logs, payment card information, 1.5 million customer records, compensation information, Secret internal Verizon information, Internal conversations, Email Address, Unencrypted voice or text conversations, Call logs, Corporate ID Numbers, Metadata, Addresses, VOD data, Call histories, dates of birth, Metadata about communications, phone numbers, user IDs, Account PIN Numbers, Phone Number, Customer Contact Information, names, Access tokens, Account Records and Password hashes.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 15.5M.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $250,000.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Kromtech Security Research Centre, Vermont Office of the Attorney General, UpGuard, KrebsOnSecurity and Montana Department of Justice.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Security holes in Verizon's systems, Misconfigured Database, Sabre Hospitality Solutions’ system, Remote Access and Unprotected Amazon S3 bucket.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Security Vulnerabilities in Verizon’s Web site, Social Engineering, Lack of Employee Awareness, Incorrectly configured database, Security holes in Verizon's systems, Misconfiguration, Unverified JWT payload, Unauthorized access to Sabre Hospitality Solutions’ system.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Identified and remediated the security vulnerability, Vulnerability addressed by experts, Addressed within a month.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of live queries.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
Risk Information
cvss3
Base: 9.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Description
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.
Risk Information
cvss3
Base: 4.9
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Description
Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.
Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability a function handler in the Vega AST evaluator.
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=verizon' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
