Verizon Business
Company Details
Linkedin ID:
verizonbusiness
Website:
Employees number:
16,452
Number of followers:
368,708
NAICS:
5415
Industry Type:
Homepage:
verizon.com
IP Addresses:
0
Company ID:
VER_8666855
Scan Status:
In-progress
Verizon Business Company CyberSecurity Posture
verizon.com
You’re more than a business, agency or organization leader. We’re more than the usual network that provides reliable coverage. Together, we can empower you and your people.
Verizon Business A.I CyberSecurity Scoring
Verizon Business Risk Score (AI oriented)Between 750 and 799
Verizon Business
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Verizon Business Global Score (TPRM)XXXX
Verizon Business
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Verizon Business Company CyberSecurity News & History
Past Incidents
12
Attack Types
4
Verizon
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On July 20, 2017, the Montana Department of Justice reported a data breach involving Verizon. The breach occurred due to unauthorized access to payment card and reservation information through Sabre Hospitality Solutions’ system. The breach was first accessed on August 10, 2016, and the last access was recorded on March 9, 2017, affecting 2 individuals. The unauthorized access resulted in the potential compromise of sensitive customer information, posing risks to their financial and personal data.
Verizon Communications
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Vermont Office of the Attorney General reported on February 8, 2024, that Verizon Communications experienced a data breach on or around September 21, 2023. The breach involved unauthorized access to employee personal information, potentially affecting individuals' names, Social Security numbers, dates of birth, and compensation information. The number of individuals affected has not been disclosed.
Verizon
Breach
Rankiteo Explanation
Attack that could bring to a war
Description: Chinese state-sponsored hackers, identified as Salt Typhoon, penetrated Verizon's network with the intention of obtaining sensitive phone communications, including those involving Donald Trump and J.D. Vance, potentially affecting the upcoming 2024 US presidential election. The breach may have compromised metadata about communications and possibly exposed unencrypted voice or text conversations. The security incident signifies a substantial espionage threat by harvesting information that could be used for influence operations.
Verizon
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Specialists at the Kromtech Security Research Centre have uncovered a fresh Verizon breach that revealed private and delicate information on internal networks. Server logs and internal system credentials are among the many documents that have been leaked; the vast collection of papers was discovered on an unprotected Amazon S3 bucket. The archive appears to make reference to internal systems used by Verizon Wireless, called Distributed Vision Services (DVS). DVS is a middleware system that the business uses to transfer data from back-end systems to front-end applications that employees and staff in call centres and stores utilise. 129 Outlook messages with internal conversations within the Verizon Wireless domain were found in another folder, and other folders included secret internal Verizon information.
Verizon
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: A hacker obtained a database that included the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. The hackers confirmed that gained access to a Verizon internal tool that shows employee’s information, and wrote a script to query and scrape the database after convincing a Verizon employee to give them remote access to their corporate computer. The hackers demanded $250,000 as a reward for not leaking their entire employee database.
Verizon
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: KrebsOnSecurity claims that information that was exposed during a Verizon Enterprise Solutions security breach is accessible to cybercriminals. Verizon Enterprise is selling the records of 1.5 million of its customers; the full archive is being offered for $100,000, but purchasers can also purchase a bundle of 100,000 records for $10,000. Additionally, the hackers provided knowledge regarding Verizon security holes that probably made it possible to breach one of the company's systems. Representatives from Verizon Enterprise have acknowledged the website's data breach and the existence of the vulnerability that the attackers used, which has since been addressed by the company's experts. The business stated that no further data or customer-specific proprietary network information was accessed by the hackers.
Verizon
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Verizon suffered from a security breach that exposed 14 million customer accounts. A hacker obtained a database that included names, addresses, account records and account PIN numbers. The database and its terabytes of internal information were discovered without any real protection, according to cybersecurity company UpGuard, by one of its researchers.
Verizon
Cyber Attack
Rankiteo Explanation
Attack that could bring to a war
Description: Verizon's network was breached by Chinese hackers codenamed Salt Typhoon, who targeted high-profile individuals including Donald Trump and JD Vance. Officials suggest this breach could have allowed access to private communications and metadata, raising concerns about potential influence operations or espionage. Although the full extent of the data accessed is unclear, metadata alone could reveal sensitive information about the individuals' contacts and communication patterns. This incident showcases the susceptibility of telecommunications infrastructures to sophisticated cyber espionage and its potential implications on national security.
Verizon
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Vickery found a Verizon database set up for public access with no password or other form of verification. The database contains enormous amounts of data and metadata for DVR, VOD, and Fios Hydra services, as well as private Verizon encryption and authentication keys (PSKs), access tokens, and password hashes. Vickery quickly notified Verizon about the cybersecurity vulnerability after seeing the incorrectly configured database. The alert was instantly raised, but it took the corporation weeks to fix the problem. Verizon's data was offered for sale on a darknet forum for $100,000. Additionally, the crooks sold details on the firm's cybersecurity weaknesses.
Verizon
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A vulnerability was found in Verizon's Call Filter feature, permitting customers to access call logs of other Verizon users due to an unsecured API request. Discovered by Evan Connelly in February 2025, it was addressed by Verizon within a month. The issue stemmed from an API endpoint that did not verify if the phone number in the JWT payload matched the number whose call logs were retrieved, thus allowing users to view others' call histories. This security lapse presented risks particularly to high-profile individuals, with the potential to map out their daily routines and personal networks through call metadata.
Verizon
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A vulnerability in Verizon’s in Verizon’s online customer service system. The exposed information included only user IDs, phone numbers, and device names.
Verizon Business
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Verizon Enterprise Solutions, a B2B unit of the telecommunications giant suffered a data breach incident after a third party offered a database containing the contact information on some 1.5 million customers for sale. The attackers offered the entire package at $100,000, and also the information about security vulnerabilities in Verizon’s Web site that permitted them to steal customer contact information, . Verizon identified and remediated the security vulnerability and also informed the affected individuals.
Verizon Business Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Verizon Business
Incidents vs IT Services and IT Consulting Industry Average (This Year)
No incidents recorded for Verizon Business in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Verizon Business in 2025.
Incident Types Verizon Business vs IT Services and IT Consulting Industry Avg (This Year)
No incidents recorded for Verizon Business in 2025.
Incident History — Verizon Business (X = Date, Y = Severity)
Verizon Business cyber incidents detection timeline including parent company and subsidiaries
Verizon Business Company Subsidiaries
You’re more than a business, agency or organization leader. We’re more than the usual network that provides reliable coverage. Together, we can empower you and your people.
Loading...
Verizon Business Similar Companies
UST
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to op
LexisNexis
LexisNexis Legal & Professional is a leading global provider of legal, regulatory and business information and analytics that help customers increase productivity, improve decision-making and outcomes, and advance the rule of law around the world. We help lawyers win cases, manage their work more e
GlobalLogic Latinoamérica
GlobalLogic, una empresa del grupo Hitachi, es líder en ingeniería digital en Latinoamérica. Ayudamos a diferentes marcas a diseñar y crear productos, plataformas y experiencias digitales innovadoras para el mundo moderno. Al integrar el diseño de experiencia, la ingeniería compleja y la exper
Samsung SDS
Samsung SDS provides cloud computing and digital logistics services. We build an optimized cloud environment with Samsung Cloud Platform specialized for businesses, provide all-in-one management service based on 38 years of expertise in each industry, and boost work efficiency and customer service w
Experis Brasil
Talent and solutions to drive innovation. When it comes to IT, having the right talent and focus means you can harness the power of technology to make smarter, faster decisions; connect more strongly with your customers; and drive innovation in your marketplace. At Experis IT, our prowess in pro
Akkodis
Akkodis is a global digital engineering company and Smart Industry leader. We enable clients to advance in their digital transformation with Talent, Academy, Consulting, and Solutions services. Our 50,000 experts combine best-in-class technologies, R&D, and deep sector know-how for purposeful innova
Atos
Atos Group is a global leader in digital transformation with c. 70,000 employees and annual revenue of c. € 10 billion, operating in 67 countries under two brands — Atos for services and Eviden for products. European number one in cybersecurity, cloud and high-performance computing, Atos Group is c
General Dynamics Information Technology
GDIT is a global technology and professional services company that delivers solutions, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solut
NTT DATA North America
NTT DATA, Inc. is a trusted global innovator of business and technology services. We're committed to helping clients innovate, optimize and transform for long-term success. Our R&D investments help organizations and society move confidently and sustainably into the digital future. As a Global Top Em
.png)
Verizon Business CyberSecurity News
November 02, 2025 07:00 AM
AI-Powered Attacks Surge: Organizations Face Major Mobile Security Risks
As mobile devices become central to daily business operations, small business owners face a pressing cybersecurity dilemma.
October 25, 2025 07:00 AM
How AI & Human Error Drive a Surge in Mobile Cyberattacks
Verizon's 2025 MSI finds 85% see mobile attacks rise as 93% use Gen AI, but only 17% deploy AI-specific controls, leaving human error and...
October 24, 2025 07:00 AM
Verizon: AI and Human Error Fuel Mobile Security Threats
Verizon Business's Chris Novak discusses how AI and human error are creating a perfect storm of mobile security threats for businesses of...
October 23, 2025 07:00 AM
AI-driven mobile threats & human error reshape global security
Verizon's Mobile Security Index reveals a surge in AI-driven mobile threats and human error, reshaping global organisational security risks...
October 22, 2025 07:00 AM
Verizon: AI, mobile devices are brewing ‘perfect storm’ for security
Mobile devices are under attack now more than ever, according to the Verizon 2025 Mobile Security Index.
October 22, 2025 07:00 AM
Verizon: Mobile Blindspot Means Needless Data Breaches
Enterprise cybersecurity risks from employees using their personal phones for work are rising, but companies aren't adopting solutions...
October 21, 2025 07:00 AM
Verizon says “We Got You” this Cybersecurity Awareness Month
Introducing new security solutions, including Digital Secure Home and a refreshed Verizon Protect App, for more control over your home,...
October 20, 2025 09:48 PM
ICASA Boosts Cybersecurity with CRP
For a 140-year-old business, Inversiones Centroamericanas SA (ICASA) is very much focused on the future. In fact, it is focused relentlessly on innovation...
September 25, 2025 07:00 AM
Employee Cyber Security Training For Small Business
Deploying best practices · Assess your needs. · Develop a list of training objectives. · Train on specific security risks and scenarios.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Verizon Business CyberSecurity History Information
Official Website of Verizon Business
The official website of Verizon Business is https://vzbiz.biz/3M52BFD.
Verizon Business’s AI-Generated Cybersecurity Score
According to Rankiteo, Verizon Business’s AI-generated cybersecurity score is 775, reflecting their Fair security posture.
How many security badges does Verizon Business’ have ?
According to Rankiteo, Verizon Business currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Verizon Business have SOC 2 Type 1 certification ?
According to Rankiteo, Verizon Business is not certified under SOC 2 Type 1.
Does Verizon Business have SOC 2 Type 2 certification ?
According to Rankiteo, Verizon Business does not hold a SOC 2 Type 2 certification.
Does Verizon Business comply with GDPR ?
According to Rankiteo, Verizon Business is not listed as GDPR compliant.
Does Verizon Business have PCI DSS certification ?
According to Rankiteo, Verizon Business does not currently maintain PCI DSS compliance.
Does Verizon Business comply with HIPAA ?
According to Rankiteo, Verizon Business is not compliant with HIPAA regulations.
Does Verizon Business have ISO 27001 certification ?
According to Rankiteo,Verizon Business is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Verizon Business
Verizon Business operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Verizon Business
Verizon Business employs approximately 16,452 people worldwide.
Subsidiaries Owned by Verizon Business
Verizon Business presently has no subsidiaries across any sectors.
Verizon Business’s LinkedIn Followers
Verizon Business’s official LinkedIn profile has approximately 368,708 followers.
NAICS Classification of Verizon Business
Verizon Business is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Verizon Business’s Presence on Crunchbase
No, Verizon Business does not have a profile on Crunchbase.
Verizon Business’s Presence on LinkedIn
Yes, Verizon Business maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/verizonbusiness.
Cybersecurity Incidents Involving Verizon Business
As of December 15, 2025, Rankiteo reports that Verizon Business has experienced 12 cybersecurity incidents.
Number of Peer and Competitor Companies
Verizon Business has an estimated 37,745 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Verizon Business ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Vulnerability, Breach and Cyber Attack.
How does Verizon Business detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with identified and remediated the security vulnerability, and communication strategy with informed the affected individuals, and third party assistance with upguard, and containment measures with vulnerability addressed by experts, and remediation measures with addressed within a month..
Incident Details
Can you provide details on each incident ?
Title: Verizon Enterprise Solutions Data Breach
Description: Verizon Enterprise Solutions, a B2B unit of the telecommunications giant suffered a data breach incident after a third party offered a database containing the contact information on some 1.5 million customers for sale.
Type: Data Breach
Attack Vector: Exploitation of Web Vulnerabilities
Vulnerability Exploited: Security Vulnerabilities in Verizon’s Web site
Motivation: Financial Gain
Title: Verizon Online Customer Service System Vulnerability
Description: A vulnerability in Verizon’s online customer service system resulted in the exposure of user IDs, phone numbers, and device names.
Type: Data Breach
Vulnerability Exploited: Online customer service system vulnerability
Title: Verizon Employee Database Breach
Description: A hacker obtained a database that included the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. The hackers confirmed that they gained access to a Verizon internal tool that shows employee’s information, and wrote a script to query and scrape the database after convincing a Verizon employee to give them remote access to their corporate computer. The hackers demanded $250,000 as a reward for not leaking their entire employee database.
Type: Data Breach
Attack Vector: Social Engineering, Remote Access
Vulnerability Exploited: Human Factor
Threat Actor: Unspecified Hacker
Motivation: Financial Gain
Title: Verizon Security Breach
Description: Verizon suffered from a security breach that exposed 14 million customer accounts. A hacker obtained a database that included names, addresses, account records and account PIN numbers. The database and its terabytes of internal information were discovered without any real protection, according to cybersecurity company UpGuard, by one of its researchers.
Type: Data Breach
Vulnerability Exploited: Unprotected Database
Threat Actor: Unknown Hacker
Title: Verizon Data Leak
Description: Vickery found a Verizon database set up for public access with no password or other form of verification. The database contains enormous amounts of data and metadata for DVR, VOD, and Fios Hydra services, as well as private Verizon encryption and authentication keys (PSKs), access tokens, and password hashes. Vickery quickly notified Verizon about the cybersecurity vulnerability after seeing the incorrectly configured database. The alert was instantly raised, but it took the corporation weeks to fix the problem. Verizon's data was offered for sale on a darknet forum for $100,000. Additionally, the crooks sold details on the firm's cybersecurity weaknesses.
Type: Data Leak
Attack Vector: Misconfigured Database
Vulnerability Exploited: Incorrectly configured database
Motivation: Financial GainInformation Selling
Title: Verizon Enterprise Solutions Security Breach
Description: KrebsOnSecurity claims that information that was exposed during a Verizon Enterprise Solutions security breach is accessible to cybercriminals. Verizon Enterprise is selling the records of 1.5 million of its customers; the full archive is being offered for $100,000, but purchasers can also purchase a bundle of 100,000 records for $10,000. Additionally, the hackers provided knowledge regarding Verizon security holes that probably made it possible to breach one of the company's systems. Representatives from Verizon Enterprise have acknowledged the website's data breach and the existence of the vulnerability that the attackers used, which has since been addressed by the company's experts. The business stated that no further data or customer-specific proprietary network information was accessed by the hackers.
Type: Data Breach
Attack Vector: Exploiting Security Vulnerability
Vulnerability Exploited: Security holes in Verizon's systems
Threat Actor: Unknown
Motivation: Financial GainData Sale
Title: Verizon Data Breach
Description: Specialists at the Kromtech Security Research Centre have uncovered a fresh Verizon breach that revealed private and delicate information on internal networks. Server logs and internal system credentials are among the many documents that have been leaked; the vast collection of papers was discovered on an unprotected Amazon S3 bucket. The archive appears to make reference to internal systems used by Verizon Wireless, called Distributed Vision Services (DVS). DVS is a middleware system that the business uses to transfer data from back-end systems to front-end applications that employees and staff in call centres and stores utilise. 129 Outlook messages with internal conversations within the Verizon Wireless domain were found in another folder, and other folders included secret internal Verizon information.
Type: Data Breach
Attack Vector: Unprotected Amazon S3 bucket
Vulnerability Exploited: Misconfiguration
Title: Verizon Network Breach by Salt Typhoon
Description: Verizon's network was breached by Chinese hackers codenamed Salt Typhoon, who targeted high-profile individuals including Donald Trump and JD Vance. Officials suggest this breach could have allowed access to private communications and metadata, raising concerns about potential influence operations or espionage. Although the full extent of the data accessed is unclear, metadata alone could reveal sensitive information about the individuals' contacts and communication patterns. This incident showcases the susceptibility of telecommunications infrastructures to sophisticated cyber espionage and its potential implications on national security.
Type: Cyber Espionage
Threat Actor: Salt Typhoon
Motivation: Influence OperationsEspionage
Title: Chinese State-Sponsored Hackers Breach Verizon's Network
Description: Chinese state-sponsored hackers, identified as Salt Typhoon, penetrated Verizon's network with the intention of obtaining sensitive phone communications, including those involving Donald Trump and J.D. Vance, potentially affecting the upcoming 2024 US presidential election. The breach may have compromised metadata about communications and possibly exposed unencrypted voice or text conversations. The security incident signifies a substantial espionage threat by harvesting information that could be used for influence operations.
Type: Espionage
Attack Vector: Network Penetration
Threat Actor: Salt Typhoon
Motivation: Espionage, Influence Operations
Title: Verizon Call Filter Vulnerability
Description: A vulnerability was found in Verizon's Call Filter feature, permitting customers to access call logs of other Verizon users due to an unsecured API request. Discovered by Evan Connelly in February 2025, it was addressed by Verizon within a month. The issue stemmed from an API endpoint that did not verify if the phone number in the JWT payload matched the number whose call logs were retrieved, thus allowing users to view others' call histories. This security lapse presented risks particularly to high-profile individuals, with the potential to map out their daily routines and personal networks through call metadata.
Date Detected: February 2025
Date Resolved: March 2025
Type: Vulnerability Exploit
Attack Vector: Unsecured API
Vulnerability Exploited: Unverified JWT payload
Title: Data Breach Involving Verizon through Sabre Hospitality Solutions
Description: Unauthorized access to payment card and reservation information through Sabre Hospitality Solutions’ system.
Date Detected: 2017-07-20
Date Publicly Disclosed: 2017-07-20
Type: Data Breach
Attack Vector: Unauthorized Access
Title: Verizon Communications Data Breach
Description: Unauthorized access to employee personal information, potentially affecting individuals' names, Social Security numbers, dates of birth, and compensation information.
Date Detected: 2023-09-21
Date Publicly Disclosed: 2024-02-08
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Remote Access, Misconfigured Database, Security holes in Verizon's systems, Unprotected Amazon S3 bucket and Sabre Hospitality Solutions’ system.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach VER232118522
Data Compromised: Customer Contact Information
Incident : Data Breach VER12367622
Data Compromised: User ids, Phone numbers, Device names
Incident : Data Breach VER31211822
Data Compromised: Full name, Email address, Corporate id numbers, Phone number
Systems Affected: Internal Tool
Incident : Data Breach VER919291022
Data Compromised: Names, Addresses, Account records, Account pin numbers
Incident : Data Leak VER41721823
Data Compromised: Dvr data, Vod data, Fios hydra data, Encryption and authentication keys, Access tokens, Password hashes
Systems Affected: DVRVODFios Hydra
Incident : Data Breach VER1744261023
Data Compromised: 1.5 million customer records
Incident : Data Breach VER27111223
Data Compromised: Server logs, Internal system credentials, Internal conversations, Secret internal verizon information
Systems Affected: Distributed Vision Services (DVS)Verizon Wireless domain
Incident : Cyber Espionage VER000102624
Data Compromised: Private communications, Metadata
Incident : Espionage VER000102724
Data Compromised: Metadata about communications, Unencrypted voice or text conversations
Incident : Vulnerability Exploit VER203040225
Data Compromised: Call logs, Call histories
Systems Affected: Call Filter feature
Incident : Data Breach VER242071625
Data Compromised: Payment card information, Reservation information
Systems Affected: Sabre Hospitality Solutions’ system
Payment Information Risk: True
Incident : Data Breach VER948072625
Data Compromised: Names, Social security numbers, Dates of birth, Compensation information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Contact Information, User Ids, Phone Numbers, Device Names, , Full Name, Email Address, Corporate Id Numbers, Phone Number, , Names, Addresses, Account Records, Account Pin Numbers, , Dvr Data, Vod Data, Fios Hydra Data, Encryption And Authentication Keys, Access Tokens, Password Hashes, , Customer Records, Server Logs, Internal System Credentials, Internal Conversations, Secret Internal Verizon Information, , Private Communications, Metadata, , Metadata About Communications, Unencrypted Voice Or Text Conversations, , Call Logs, Call Histories, , Payment Card Information, Reservation Information, , Names, Social Security Numbers, Dates Of Birth, Compensation Information and .
Which entities were affected by each incident ?
Incident : Data Breach VER232118522
Entity Name: Verizon Enterprise Solutions
Entity Type: B2B Unit
Industry: Telecommunications
Customers Affected: 1500000
Incident : Data Breach VER12367622
Entity Name: Verizon
Entity Type: Company
Industry: Telecommunications
Incident : Data Breach VER31211822
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Data Breach VER919291022
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Customers Affected: 14 million
Incident : Data Leak VER41721823
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Data Breach VER1744261023
Entity Name: Verizon Enterprise Solutions
Entity Type: Telecommunications
Industry: Telecommunications
Customers Affected: 1.5 million
Incident : Data Breach VER27111223
Entity Name: Verizon
Entity Type: Corporation
Industry: Telecommunications
Incident : Cyber Espionage VER000102624
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Espionage VER000102724
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Vulnerability Exploit VER203040225
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Data Breach VER242071625
Entity Name: Verizon
Entity Type: Corporation
Industry: Telecommunications
Location: United States
Customers Affected: 2
Incident : Data Breach VER948072625
Entity Name: Verizon Communications
Entity Type: Company
Industry: Telecommunications
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach VER232118522
Remediation Measures: Identified and remediated the security vulnerability
Communication Strategy: Informed the affected individuals
Incident : Data Breach VER919291022
Third Party Assistance: Upguard.
Incident : Data Breach VER1744261023
Containment Measures: Vulnerability addressed by experts
Incident : Vulnerability Exploit VER203040225
Remediation Measures: Addressed within a month
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through UpGuard, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach VER232118522
Type of Data Compromised: Contact Information
Number of Records Exposed: 1500000
Incident : Data Breach VER12367622
Type of Data Compromised: User ids, Phone numbers, Device names
Incident : Data Breach VER31211822
Type of Data Compromised: Full name, Email address, Corporate id numbers, Phone number
Number of Records Exposed: Hundreds
Sensitivity of Data: High
Incident : Data Breach VER919291022
Type of Data Compromised: Names, Addresses, Account records, Account pin numbers
Number of Records Exposed: 14 million
Personally Identifiable Information: NamesAddresses
Incident : Data Leak VER41721823
Type of Data Compromised: Dvr data, Vod data, Fios hydra data, Encryption and authentication keys, Access tokens, Password hashes
Sensitivity of Data: High
Incident : Data Breach VER1744261023
Type of Data Compromised: Customer Records
Number of Records Exposed: 1.5 million
Incident : Data Breach VER27111223
Type of Data Compromised: Server logs, Internal system credentials, Internal conversations, Secret internal verizon information
Sensitivity of Data: High
Incident : Cyber Espionage VER000102624
Type of Data Compromised: Private communications, Metadata
Sensitivity of Data: High
Incident : Espionage VER000102724
Type of Data Compromised: Metadata about communications, Unencrypted voice or text conversations
Sensitivity of Data: High
Incident : Vulnerability Exploit VER203040225
Type of Data Compromised: Call logs, Call histories
Sensitivity of Data: High
Incident : Data Breach VER242071625
Type of Data Compromised: Payment card information, Reservation information
Number of Records Exposed: 2
Sensitivity of Data: High
Incident : Data Breach VER948072625
Type of Data Compromised: Names, Social security numbers, Dates of birth, Compensation information
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Identified and remediated the security vulnerability, Addressed within a month, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by vulnerability addressed by experts.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach VER31211822
Ransom Demanded: $250,000
References
Where can I find more information about each incident ?
Incident : Data Breach VER919291022
Source: UpGuard
Incident : Data Breach VER1744261023
Source: KrebsOnSecurity
Incident : Data Breach VER27111223
Source: Kromtech Security Research Centre
Incident : Data Breach VER948072625
Source: Vermont Office of the Attorney General
Date Accessed: 2024-02-08
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: UpGuard, and Source: KrebsOnSecurity, and Source: Kromtech Security Research Centre, and Source: Montana Department of JusticeDate Accessed: 2017-07-20, and Source: Vermont Office of the Attorney GeneralDate Accessed: 2024-02-08.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Informed the affected individuals.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach VER31211822
Entry Point: Remote Access
Incident : Data Leak VER41721823
Entry Point: Misconfigured Database
Incident : Data Breach VER1744261023
Entry Point: Security holes in Verizon's systems
Incident : Data Breach VER27111223
Entry Point: Unprotected Amazon S3 bucket
Incident : Cyber Espionage VER000102624
High Value Targets: Donald Trump, Jd Vance,
Data Sold on Dark Web: Donald Trump, Jd Vance,
Incident : Espionage VER000102724
High Value Targets: Donald Trump, J.D. Vance,
Data Sold on Dark Web: Donald Trump, J.D. Vance,
Incident : Vulnerability Exploit VER203040225
High Value Targets: High-Profile Individuals,
Data Sold on Dark Web: High-Profile Individuals,
Incident : Data Breach VER242071625
Entry Point: Sabre Hospitality Solutions’ system
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach VER232118522
Root Causes: Security Vulnerabilities in Verizon’s Web site
Corrective Actions: Identified and remediated the security vulnerability
Incident : Data Breach VER31211822
Root Causes: Social Engineering, Lack of Employee Awareness
Incident : Data Leak VER41721823
Root Causes: Incorrectly configured database
Incident : Data Breach VER1744261023
Root Causes: Security holes in Verizon's systems
Corrective Actions: Vulnerability addressed by experts
Incident : Data Breach VER27111223
Root Causes: Misconfiguration
Incident : Vulnerability Exploit VER203040225
Root Causes: Unverified Jwt Payload,
Corrective Actions: Addressed Within A Month,
Incident : Data Breach VER242071625
Root Causes: Unauthorized access to Sabre Hospitality Solutions’ system
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Upguard, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Identified and remediated the security vulnerability, Vulnerability addressed by experts, Addressed Within A Month, .
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was $250,000.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unspecified Hacker, Unknown Hacker, Unknown, Salt Typhoon and Salt Typhoon.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on February 2025.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-02-08.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on March 2025.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer Contact Information, user IDs, phone numbers, device names, , Full Name, Email Address, Corporate ID Numbers, Phone Number, , Names, Addresses, Account Records, Account PIN Numbers, , DVR data, VOD data, Fios Hydra data, Encryption and authentication keys, Access tokens, Password hashes, , 1.5 million customer records, Server logs, Internal system credentials, Internal conversations, Secret internal Verizon information, , Private Communications, Metadata, , Metadata about communications, Unencrypted voice or text conversations, , Call logs, Call histories, , payment card information, reservation information, , names, Social Security numbers, dates of birth, compensation information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Internal Tool and DVRVODFios Hydra and Distributed Vision Services (DVS)Verizon Wireless domain and Call Filter feature and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was upguard, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Vulnerability addressed by experts.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Call histories, names, dates of birth, device names, user IDs, payment card information, Internal conversations, Secret internal Verizon information, Email Address, Addresses, Phone Number, phone numbers, Encryption and authentication keys, Password hashes, Metadata, Account Records, Private Communications, VOD data, Unencrypted voice or text conversations, Metadata about communications, Account PIN Numbers, Corporate ID Numbers, Names, Full Name, Social Security numbers, Fios Hydra data, 1.5 million customer records, compensation information, Access tokens, Call logs, Customer Contact Information, Internal system credentials, Server logs, reservation information and DVR data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 15.5M.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $250,000.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are KrebsOnSecurity, Vermont Office of the Attorney General, Montana Department of Justice, UpGuard and Kromtech Security Research Centre.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Sabre Hospitality Solutions’ system, Unprotected Amazon S3 bucket, Misconfigured Database, Security holes in Verizon's systems and Remote Access.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Security Vulnerabilities in Verizon’s Web site, Social Engineering, Lack of Employee Awareness, Incorrectly configured database, Security holes in Verizon's systems, Misconfiguration, Unverified JWT payload, Unauthorized access to Sabre Hospitality Solutions’ system.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Identified and remediated the security vulnerability, Vulnerability addressed by experts, Addressed within a month.
.png)
Latest Global CVEs (Not Company-Specific)
Description
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
Risk Information
cvss3
Base: 8.1
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Description
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
Risk Information
cvss3
Base: 2.9
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Description
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is sufficient to fix this issue. You should upgrade the affected component. The vendor confirms that this is "[f]ixed in version 4.10.2". Furthermore, that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
Risk Information
cvss2
Base: 5.0
Severity: LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
Risk Information
cvss3
Base: 4.5
Severity: HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L
Description
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
Risk Information
cvss3
Base: 5.8
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=verizonbusiness' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
