Verizon
Company Details
Linkedin ID:
verizon
Website:
Employees number:
99,359
Number of followers:
1,444,845
NAICS:
5415
Industry Type:
Homepage:
verizon.com
IP Addresses:
0
Company ID:
VER_1131816
Scan Status:
In-progress
Verizon Company CyberSecurity Posture
verizon.com
We get you. You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. You’ll find all that here. Because we empower you. We power and empower how people live, work and play by connecting them to what brings them joy. The same is true inside our walls. We do what we love — driving innovation, creativity, and impact in the world. And wherever you go, we got your back. This is a team sport. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together— lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life.
Verizon A.I CyberSecurity Scoring
Verizon Risk Score (AI oriented)Between 700 and 749
Verizon
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Verizon Global Score (TPRM)XXXX
Verizon
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Verizon Company CyberSecurity News & History
Past Incidents
12
Attack Types
4
Verizon
Breach
Rankiteo Explanation
Attack limited on finance or reputation
Description: On July 20, 2017, the Montana Department of Justice reported a data breach involving Verizon. The breach occurred due to unauthorized access to payment card and reservation information through Sabre Hospitality Solutions’ system. The breach was first accessed on August 10, 2016, and the last access was recorded on March 9, 2017, affecting 2 individuals. The unauthorized access resulted in the potential compromise of sensitive customer information, posing risks to their financial and personal data.
Verizon Communications
Breach
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The Vermont Office of the Attorney General reported on February 8, 2024, that Verizon Communications experienced a data breach on or around September 21, 2023. The breach involved unauthorized access to employee personal information, potentially affecting individuals' names, Social Security numbers, dates of birth, and compensation information. The number of individuals affected has not been disclosed.
Verizon
Breach
Rankiteo Explanation
Attack that could bring to a war
Description: Chinese state-sponsored hackers, identified as Salt Typhoon, penetrated Verizon's network with the intention of obtaining sensitive phone communications, including those involving Donald Trump and J.D. Vance, potentially affecting the upcoming 2024 US presidential election. The breach may have compromised metadata about communications and possibly exposed unencrypted voice or text conversations. The security incident signifies a substantial espionage threat by harvesting information that could be used for influence operations.
Verizon
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Specialists at the Kromtech Security Research Centre have uncovered a fresh Verizon breach that revealed private and delicate information on internal networks. Server logs and internal system credentials are among the many documents that have been leaked; the vast collection of papers was discovered on an unprotected Amazon S3 bucket. The archive appears to make reference to internal systems used by Verizon Wireless, called Distributed Vision Services (DVS). DVS is a middleware system that the business uses to transfer data from back-end systems to front-end applications that employees and staff in call centres and stores utilise. 129 Outlook messages with internal conversations within the Verizon Wireless domain were found in another folder, and other folders included secret internal Verizon information.
Verizon
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: A hacker obtained a database that included the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. The hackers confirmed that gained access to a Verizon internal tool that shows employee’s information, and wrote a script to query and scrape the database after convincing a Verizon employee to give them remote access to their corporate computer. The hackers demanded $250,000 as a reward for not leaking their entire employee database.
Verizon
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: KrebsOnSecurity claims that information that was exposed during a Verizon Enterprise Solutions security breach is accessible to cybercriminals. Verizon Enterprise is selling the records of 1.5 million of its customers; the full archive is being offered for $100,000, but purchasers can also purchase a bundle of 100,000 records for $10,000. Additionally, the hackers provided knowledge regarding Verizon security holes that probably made it possible to breach one of the company's systems. Representatives from Verizon Enterprise have acknowledged the website's data breach and the existence of the vulnerability that the attackers used, which has since been addressed by the company's experts. The business stated that no further data or customer-specific proprietary network information was accessed by the hackers.
Verizon
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Verizon suffered from a security breach that exposed 14 million customer accounts. A hacker obtained a database that included names, addresses, account records and account PIN numbers. The database and its terabytes of internal information were discovered without any real protection, according to cybersecurity company UpGuard, by one of its researchers.
Verizon
Cyber Attack
Rankiteo Explanation
Attack that could bring to a war
Description: Verizon's network was breached by Chinese hackers codenamed Salt Typhoon, who targeted high-profile individuals including Donald Trump and JD Vance. Officials suggest this breach could have allowed access to private communications and metadata, raising concerns about potential influence operations or espionage. Although the full extent of the data accessed is unclear, metadata alone could reveal sensitive information about the individuals' contacts and communication patterns. This incident showcases the susceptibility of telecommunications infrastructures to sophisticated cyber espionage and its potential implications on national security.
Verizon
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Vickery found a Verizon database set up for public access with no password or other form of verification. The database contains enormous amounts of data and metadata for DVR, VOD, and Fios Hydra services, as well as private Verizon encryption and authentication keys (PSKs), access tokens, and password hashes. Vickery quickly notified Verizon about the cybersecurity vulnerability after seeing the incorrectly configured database. The alert was instantly raised, but it took the corporation weeks to fix the problem. Verizon's data was offered for sale on a darknet forum for $100,000. Additionally, the crooks sold details on the firm's cybersecurity weaknesses.
Verizon
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A vulnerability was found in Verizon's Call Filter feature, permitting customers to access call logs of other Verizon users due to an unsecured API request. Discovered by Evan Connelly in February 2025, it was addressed by Verizon within a month. The issue stemmed from an API endpoint that did not verify if the phone number in the JWT payload matched the number whose call logs were retrieved, thus allowing users to view others' call histories. This security lapse presented risks particularly to high-profile individuals, with the potential to map out their daily routines and personal networks through call metadata.
Verizon
Vulnerability
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: A vulnerability in Verizon’s in Verizon’s online customer service system. The exposed information included only user IDs, phone numbers, and device names.
Verizon Business
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: Verizon Enterprise Solutions, a B2B unit of the telecommunications giant suffered a data breach incident after a third party offered a database containing the contact information on some 1.5 million customers for sale. The attackers offered the entire package at $100,000, and also the information about security vulnerabilities in Verizon’s Web site that permitted them to steal customer contact information, . Verizon identified and remediated the security vulnerability and also informed the affected individuals.
Verizon Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Verizon
Incidents vs IT Services and IT Consulting Industry Average (This Year)
Verizon has 38.89% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Verizon has 29.87% more incidents than the average of all companies with at least one recorded incident.
Incident Types Verizon vs IT Services and IT Consulting Industry Avg (This Year)
Verizon reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 1 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Verizon (X = Date, Y = Severity)
Verizon cyber incidents detection timeline including parent company and subsidiaries
Verizon Company Subsidiaries
We get you. You want more out of a career. A place to share your ideas freely — even if they’re daring or different. Where the true you can learn, grow, and thrive. You’ll find all that here. Because we empower you. We power and empower how people live, work and play by connecting them to what brings them joy. The same is true inside our walls. We do what we love — driving innovation, creativity, and impact in the world. And wherever you go, we got your back. This is a team sport. Our V Team is a community of people who anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together— lifting our communities and building trust in how we show up, everywhere & always. Want in? Join the V Team Life.
Loading...
Verizon Similar Companies
Inetum
Inetum is a European leader in digital services. Inetum’s team of 27,000 consultants and specialists strive every day to make a digital impact for businesses, public sector entities and society. Inetum’s solutions aim at contributing to its clients’ performance and innovation as well as the common g
TD SYNNEX
We’re TD SYNNEX (NYSE: SNX), a leading distributor and solutions aggregator for the IT ecosystem. We’re 23,000 of the IT industry’s best and brightest, who share an unwavering passion for bringing compelling technology products, services and solutions to the world. We’re an innovative partner that
Tata Elxsi
Tata Elxsi is amongst the world’s leading providers of design and technology services across industries, including Automotive, Media & Entertainment, Communications, and Healthcare. Tata Elxsi is helping customers reimagine their products and services through design thinking and the application of d
CenturyLink
CenturyLink (NYSE: CTL) is a technology leader delivering hybrid networking, cloud connectivity, and security solutions to customers around the world. Through its extensive global fiber network, CenturyLink provides secure and reliable services to meet the growing digital demands of businesses and c
CACI International Inc
At CACI International Inc (NYSE: CACI), our 25,000 talented and dynamic employees are ever vigilant in delivering distinctive expertise and technology to meet our customers’ greatest challenges in national security. We are a company of good character, relentless innovation, and long-standing excelle
Orange Business
At Orange Business, our ambition is to become the leading European Network and Digital Integrator by leveraging our proven expertise in next-generation connectivity solutions, the cloud and cybersecurity. Our 30,000 women and men are present in 65 countries, where every voice counts. Together, we
We automate, digitize and transform the way people bank and shop. We offer proven expertise and comprehensive portfolios in cutting-edge product technology, multi-vendor software and service excellence for financial and retail customers. Consumer behavior is changing rapidly; people are empowered a
As No. 1, we inspire people in the connected world. With the latest technologies and innovations, together we have the opportunity to shape the future. To do this, we are and act trustworthy, committed and curious. Are you with us? Join us on this exciting journey and work with us or in one of the
Capita is an outsourcer, helping clients across the public and private sectors run complex business processes more efficiently, creating better consumer experiences. Operating across eight countries, Capita’s 34,000 colleagues support primarily UK and European clients with people-based services und
.png)
Verizon CyberSecurity News
November 26, 2025 11:17 AM
AT&T, Verizon, And T-Mobile Customers Should Be Worried About The FCC's Ruling
The Federal Communications Commission recently voted to rescind certain cybersecurity rules, potentially putting mobile customers at greater...
November 25, 2025 04:32 PM
Verizon, AT&T, and T‑Mobile users at risk as controversial law protecting them is scrapped
USERS at major communications companies like Verizon and AT&T may be left feeling uneasy as a law protecting cybersecurity has been...
November 02, 2025 07:00 AM
AI-Powered Attacks Surge: Organizations Face Major Mobile Security Risks
As mobile devices become central to daily business operations, small business owners face a pressing cybersecurity dilemma.
October 24, 2025 07:00 AM
Verizon: AI and Human Error Fuel Mobile Security Threats
Verizon Business's Chris Novak discusses how AI and human error are creating a perfect storm of mobile security threats for businesses of...
October 23, 2025 07:00 AM
Mobile Security: Verizon Says Attacks Soar, AI-Powered Threats Raise Alarm
Verizon published its 2025 Mobile Security Index, which shows that 85% of organizations believe mobile device attacks are on the rise.
October 23, 2025 07:00 AM
AI-driven mobile threats & human error reshape global security
Verizon's Mobile Security Index reveals a surge in AI-driven mobile threats and human error, reshaping global organisational security risks...
October 23, 2025 07:00 AM
Verizon just called 2025 the “perfect storm” for mobile security, and your phone might be the weak link
A new Verizon report says businesses are facing a mobile threat surge – and most aren't ready for what's coming.
October 22, 2025 07:00 AM
Verizon: AI, mobile devices are brewing ‘perfect storm’ for security
Mobile devices are under attack now more than ever, according to the Verizon 2025 Mobile Security Index.
October 22, 2025 07:00 AM
Verizon: Mobile Blindspot Means Needless Data Breaches
People and organizations habitually ignore phone cybersecurity, even though available security options could cut smishing success and...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Verizon CyberSecurity History Information
Official Website of Verizon
The official website of Verizon is https://mycareer.verizon.com/.
Verizon’s AI-Generated Cybersecurity Score
According to Rankiteo, Verizon’s AI-generated cybersecurity score is 725, reflecting their Moderate security posture.
How many security badges does Verizon’ have ?
According to Rankiteo, Verizon currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Verizon have SOC 2 Type 1 certification ?
According to Rankiteo, Verizon is not certified under SOC 2 Type 1.
Does Verizon have SOC 2 Type 2 certification ?
According to Rankiteo, Verizon does not hold a SOC 2 Type 2 certification.
Does Verizon comply with GDPR ?
According to Rankiteo, Verizon is not listed as GDPR compliant.
Does Verizon have PCI DSS certification ?
According to Rankiteo, Verizon does not currently maintain PCI DSS compliance.
Does Verizon comply with HIPAA ?
According to Rankiteo, Verizon is not compliant with HIPAA regulations.
Does Verizon have ISO 27001 certification ?
According to Rankiteo,Verizon is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Verizon
Verizon operates primarily in the IT Services and IT Consulting industry.
Number of Employees at Verizon
Verizon employs approximately 99,359 people worldwide.
Subsidiaries Owned by Verizon
Verizon presently has no subsidiaries across any sectors.
Verizon’s LinkedIn Followers
Verizon’s official LinkedIn profile has approximately 1,444,845 followers.
NAICS Classification of Verizon
Verizon is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
Verizon’s Presence on Crunchbase
No, Verizon does not have a profile on Crunchbase.
Verizon’s Presence on LinkedIn
Yes, Verizon maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/verizon.
Cybersecurity Incidents Involving Verizon
As of December 11, 2025, Rankiteo reports that Verizon has experienced 12 cybersecurity incidents.
Number of Peer and Competitor Companies
Verizon has an estimated 37,490 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Verizon ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Data Leak, Cyber Attack and Breach.
How does Verizon detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with identified and remediated the security vulnerability, and communication strategy with informed the affected individuals, and third party assistance with upguard, and containment measures with vulnerability addressed by experts, and remediation measures with addressed within a month..
Incident Details
Can you provide details on each incident ?
Title: Verizon Enterprise Solutions Data Breach
Description: Verizon Enterprise Solutions, a B2B unit of the telecommunications giant suffered a data breach incident after a third party offered a database containing the contact information on some 1.5 million customers for sale.
Type: Data Breach
Attack Vector: Exploitation of Web Vulnerabilities
Vulnerability Exploited: Security Vulnerabilities in Verizon’s Web site
Motivation: Financial Gain
Title: Verizon Online Customer Service System Vulnerability
Description: A vulnerability in Verizon’s online customer service system resulted in the exposure of user IDs, phone numbers, and device names.
Type: Data Breach
Vulnerability Exploited: Online customer service system vulnerability
Title: Verizon Employee Database Breach
Description: A hacker obtained a database that included the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. The hackers confirmed that they gained access to a Verizon internal tool that shows employee’s information, and wrote a script to query and scrape the database after convincing a Verizon employee to give them remote access to their corporate computer. The hackers demanded $250,000 as a reward for not leaking their entire employee database.
Type: Data Breach
Attack Vector: Social Engineering, Remote Access
Vulnerability Exploited: Human Factor
Threat Actor: Unspecified Hacker
Motivation: Financial Gain
Title: Verizon Security Breach
Description: Verizon suffered from a security breach that exposed 14 million customer accounts. A hacker obtained a database that included names, addresses, account records and account PIN numbers. The database and its terabytes of internal information were discovered without any real protection, according to cybersecurity company UpGuard, by one of its researchers.
Type: Data Breach
Vulnerability Exploited: Unprotected Database
Threat Actor: Unknown Hacker
Title: Verizon Data Leak
Description: Vickery found a Verizon database set up for public access with no password or other form of verification. The database contains enormous amounts of data and metadata for DVR, VOD, and Fios Hydra services, as well as private Verizon encryption and authentication keys (PSKs), access tokens, and password hashes. Vickery quickly notified Verizon about the cybersecurity vulnerability after seeing the incorrectly configured database. The alert was instantly raised, but it took the corporation weeks to fix the problem. Verizon's data was offered for sale on a darknet forum for $100,000. Additionally, the crooks sold details on the firm's cybersecurity weaknesses.
Type: Data Leak
Attack Vector: Misconfigured Database
Vulnerability Exploited: Incorrectly configured database
Motivation: Financial GainInformation Selling
Title: Verizon Enterprise Solutions Security Breach
Description: KrebsOnSecurity claims that information that was exposed during a Verizon Enterprise Solutions security breach is accessible to cybercriminals. Verizon Enterprise is selling the records of 1.5 million of its customers; the full archive is being offered for $100,000, but purchasers can also purchase a bundle of 100,000 records for $10,000. Additionally, the hackers provided knowledge regarding Verizon security holes that probably made it possible to breach one of the company's systems. Representatives from Verizon Enterprise have acknowledged the website's data breach and the existence of the vulnerability that the attackers used, which has since been addressed by the company's experts. The business stated that no further data or customer-specific proprietary network information was accessed by the hackers.
Type: Data Breach
Attack Vector: Exploiting Security Vulnerability
Vulnerability Exploited: Security holes in Verizon's systems
Threat Actor: Unknown
Motivation: Financial GainData Sale
Title: Verizon Data Breach
Description: Specialists at the Kromtech Security Research Centre have uncovered a fresh Verizon breach that revealed private and delicate information on internal networks. Server logs and internal system credentials are among the many documents that have been leaked; the vast collection of papers was discovered on an unprotected Amazon S3 bucket. The archive appears to make reference to internal systems used by Verizon Wireless, called Distributed Vision Services (DVS). DVS is a middleware system that the business uses to transfer data from back-end systems to front-end applications that employees and staff in call centres and stores utilise. 129 Outlook messages with internal conversations within the Verizon Wireless domain were found in another folder, and other folders included secret internal Verizon information.
Type: Data Breach
Attack Vector: Unprotected Amazon S3 bucket
Vulnerability Exploited: Misconfiguration
Title: Verizon Network Breach by Salt Typhoon
Description: Verizon's network was breached by Chinese hackers codenamed Salt Typhoon, who targeted high-profile individuals including Donald Trump and JD Vance. Officials suggest this breach could have allowed access to private communications and metadata, raising concerns about potential influence operations or espionage. Although the full extent of the data accessed is unclear, metadata alone could reveal sensitive information about the individuals' contacts and communication patterns. This incident showcases the susceptibility of telecommunications infrastructures to sophisticated cyber espionage and its potential implications on national security.
Type: Cyber Espionage
Threat Actor: Salt Typhoon
Motivation: Influence OperationsEspionage
Title: Chinese State-Sponsored Hackers Breach Verizon's Network
Description: Chinese state-sponsored hackers, identified as Salt Typhoon, penetrated Verizon's network with the intention of obtaining sensitive phone communications, including those involving Donald Trump and J.D. Vance, potentially affecting the upcoming 2024 US presidential election. The breach may have compromised metadata about communications and possibly exposed unencrypted voice or text conversations. The security incident signifies a substantial espionage threat by harvesting information that could be used for influence operations.
Type: Espionage
Attack Vector: Network Penetration
Threat Actor: Salt Typhoon
Motivation: Espionage, Influence Operations
Title: Verizon Call Filter Vulnerability
Description: A vulnerability was found in Verizon's Call Filter feature, permitting customers to access call logs of other Verizon users due to an unsecured API request. Discovered by Evan Connelly in February 2025, it was addressed by Verizon within a month. The issue stemmed from an API endpoint that did not verify if the phone number in the JWT payload matched the number whose call logs were retrieved, thus allowing users to view others' call histories. This security lapse presented risks particularly to high-profile individuals, with the potential to map out their daily routines and personal networks through call metadata.
Date Detected: February 2025
Date Resolved: March 2025
Type: Vulnerability Exploit
Attack Vector: Unsecured API
Vulnerability Exploited: Unverified JWT payload
Title: Data Breach Involving Verizon through Sabre Hospitality Solutions
Description: Unauthorized access to payment card and reservation information through Sabre Hospitality Solutions’ system.
Date Detected: 2017-07-20
Date Publicly Disclosed: 2017-07-20
Type: Data Breach
Attack Vector: Unauthorized Access
Title: Verizon Communications Data Breach
Description: Unauthorized access to employee personal information, potentially affecting individuals' names, Social Security numbers, dates of birth, and compensation information.
Date Detected: 2023-09-21
Date Publicly Disclosed: 2024-02-08
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Remote Access, Misconfigured Database, Security holes in Verizon's systems, Unprotected Amazon S3 bucket and Sabre Hospitality Solutions’ system.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach VER232118522
Data Compromised: Customer Contact Information
Incident : Data Breach VER12367622
Data Compromised: User ids, Phone numbers, Device names
Incident : Data Breach VER31211822
Data Compromised: Full name, Email address, Corporate id numbers, Phone number
Systems Affected: Internal Tool
Incident : Data Breach VER919291022
Data Compromised: Names, Addresses, Account records, Account pin numbers
Incident : Data Leak VER41721823
Data Compromised: Dvr data, Vod data, Fios hydra data, Encryption and authentication keys, Access tokens, Password hashes
Systems Affected: DVRVODFios Hydra
Incident : Data Breach VER1744261023
Data Compromised: 1.5 million customer records
Incident : Data Breach VER27111223
Data Compromised: Server logs, Internal system credentials, Internal conversations, Secret internal verizon information
Systems Affected: Distributed Vision Services (DVS)Verizon Wireless domain
Incident : Cyber Espionage VER000102624
Data Compromised: Private communications, Metadata
Incident : Espionage VER000102724
Data Compromised: Metadata about communications, Unencrypted voice or text conversations
Incident : Vulnerability Exploit VER203040225
Data Compromised: Call logs, Call histories
Systems Affected: Call Filter feature
Incident : Data Breach VER242071625
Data Compromised: Payment card information, Reservation information
Systems Affected: Sabre Hospitality Solutions’ system
Payment Information Risk: True
Incident : Data Breach VER948072625
Data Compromised: Names, Social security numbers, Dates of birth, Compensation information
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Contact Information, User Ids, Phone Numbers, Device Names, , Full Name, Email Address, Corporate Id Numbers, Phone Number, , Names, Addresses, Account Records, Account Pin Numbers, , Dvr Data, Vod Data, Fios Hydra Data, Encryption And Authentication Keys, Access Tokens, Password Hashes, , Customer Records, Server Logs, Internal System Credentials, Internal Conversations, Secret Internal Verizon Information, , Private Communications, Metadata, , Metadata About Communications, Unencrypted Voice Or Text Conversations, , Call Logs, Call Histories, , Payment Card Information, Reservation Information, , Names, Social Security Numbers, Dates Of Birth, Compensation Information and .
Which entities were affected by each incident ?
Incident : Data Breach VER232118522
Entity Name: Verizon Enterprise Solutions
Entity Type: B2B Unit
Industry: Telecommunications
Customers Affected: 1500000
Incident : Data Breach VER12367622
Entity Name: Verizon
Entity Type: Company
Industry: Telecommunications
Incident : Data Breach VER31211822
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Data Breach VER919291022
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Customers Affected: 14 million
Incident : Data Leak VER41721823
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Data Breach VER1744261023
Entity Name: Verizon Enterprise Solutions
Entity Type: Telecommunications
Industry: Telecommunications
Customers Affected: 1.5 million
Incident : Data Breach VER27111223
Entity Name: Verizon
Entity Type: Corporation
Industry: Telecommunications
Incident : Cyber Espionage VER000102624
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Espionage VER000102724
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Vulnerability Exploit VER203040225
Entity Name: Verizon
Entity Type: Telecommunications Company
Industry: Telecommunications
Incident : Data Breach VER242071625
Entity Name: Verizon
Entity Type: Corporation
Industry: Telecommunications
Location: United States
Customers Affected: 2
Incident : Data Breach VER948072625
Entity Name: Verizon Communications
Entity Type: Company
Industry: Telecommunications
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach VER232118522
Remediation Measures: Identified and remediated the security vulnerability
Communication Strategy: Informed the affected individuals
Incident : Data Breach VER919291022
Third Party Assistance: Upguard.
Incident : Data Breach VER1744261023
Containment Measures: Vulnerability addressed by experts
Incident : Vulnerability Exploit VER203040225
Remediation Measures: Addressed within a month
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through UpGuard, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach VER232118522
Type of Data Compromised: Contact Information
Number of Records Exposed: 1500000
Incident : Data Breach VER12367622
Type of Data Compromised: User ids, Phone numbers, Device names
Incident : Data Breach VER31211822
Type of Data Compromised: Full name, Email address, Corporate id numbers, Phone number
Number of Records Exposed: Hundreds
Sensitivity of Data: High
Incident : Data Breach VER919291022
Type of Data Compromised: Names, Addresses, Account records, Account pin numbers
Number of Records Exposed: 14 million
Personally Identifiable Information: NamesAddresses
Incident : Data Leak VER41721823
Type of Data Compromised: Dvr data, Vod data, Fios hydra data, Encryption and authentication keys, Access tokens, Password hashes
Sensitivity of Data: High
Incident : Data Breach VER1744261023
Type of Data Compromised: Customer Records
Number of Records Exposed: 1.5 million
Incident : Data Breach VER27111223
Type of Data Compromised: Server logs, Internal system credentials, Internal conversations, Secret internal verizon information
Sensitivity of Data: High
Incident : Cyber Espionage VER000102624
Type of Data Compromised: Private communications, Metadata
Sensitivity of Data: High
Incident : Espionage VER000102724
Type of Data Compromised: Metadata about communications, Unencrypted voice or text conversations
Sensitivity of Data: High
Incident : Vulnerability Exploit VER203040225
Type of Data Compromised: Call logs, Call histories
Sensitivity of Data: High
Incident : Data Breach VER242071625
Type of Data Compromised: Payment card information, Reservation information
Number of Records Exposed: 2
Sensitivity of Data: High
Incident : Data Breach VER948072625
Type of Data Compromised: Names, Social security numbers, Dates of birth, Compensation information
Sensitivity of Data: High
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Identified and remediated the security vulnerability, Addressed within a month, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by vulnerability addressed by experts.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Data Breach VER31211822
Ransom Demanded: $250,000
References
Where can I find more information about each incident ?
Incident : Data Breach VER919291022
Source: UpGuard
Incident : Data Breach VER1744261023
Source: KrebsOnSecurity
Incident : Data Breach VER27111223
Source: Kromtech Security Research Centre
Incident : Data Breach VER948072625
Source: Vermont Office of the Attorney General
Date Accessed: 2024-02-08
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: UpGuard, and Source: KrebsOnSecurity, and Source: Kromtech Security Research Centre, and Source: Montana Department of JusticeDate Accessed: 2017-07-20, and Source: Vermont Office of the Attorney GeneralDate Accessed: 2024-02-08.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Informed the affected individuals.
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach VER31211822
Entry Point: Remote Access
Incident : Data Leak VER41721823
Entry Point: Misconfigured Database
Incident : Data Breach VER1744261023
Entry Point: Security holes in Verizon's systems
Incident : Data Breach VER27111223
Entry Point: Unprotected Amazon S3 bucket
Incident : Cyber Espionage VER000102624
High Value Targets: Donald Trump, Jd Vance,
Data Sold on Dark Web: Donald Trump, Jd Vance,
Incident : Espionage VER000102724
High Value Targets: Donald Trump, J.D. Vance,
Data Sold on Dark Web: Donald Trump, J.D. Vance,
Incident : Vulnerability Exploit VER203040225
High Value Targets: High-Profile Individuals,
Data Sold on Dark Web: High-Profile Individuals,
Incident : Data Breach VER242071625
Entry Point: Sabre Hospitality Solutions’ system
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach VER232118522
Root Causes: Security Vulnerabilities in Verizon’s Web site
Corrective Actions: Identified and remediated the security vulnerability
Incident : Data Breach VER31211822
Root Causes: Social Engineering, Lack of Employee Awareness
Incident : Data Leak VER41721823
Root Causes: Incorrectly configured database
Incident : Data Breach VER1744261023
Root Causes: Security holes in Verizon's systems
Corrective Actions: Vulnerability addressed by experts
Incident : Data Breach VER27111223
Root Causes: Misconfiguration
Incident : Vulnerability Exploit VER203040225
Root Causes: Unverified Jwt Payload,
Corrective Actions: Addressed Within A Month,
Incident : Data Breach VER242071625
Root Causes: Unauthorized access to Sabre Hospitality Solutions’ system
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Upguard, .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Identified and remediated the security vulnerability, Vulnerability addressed by experts, Addressed Within A Month, .
Additional Questions
General Information
What was the amount of the last ransom demanded ?
Last Ransom Demanded: The amount of the last ransom demanded was $250,000.
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Unspecified Hacker, Unknown Hacker, Unknown, Salt Typhoon and Salt Typhoon.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on February 2025.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-02-08.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on March 2025.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer Contact Information, user IDs, phone numbers, device names, , Full Name, Email Address, Corporate ID Numbers, Phone Number, , Names, Addresses, Account Records, Account PIN Numbers, , DVR data, VOD data, Fios Hydra data, Encryption and authentication keys, Access tokens, Password hashes, , 1.5 million customer records, Server logs, Internal system credentials, Internal conversations, Secret internal Verizon information, , Private Communications, Metadata, , Metadata about communications, Unencrypted voice or text conversations, , Call logs, Call histories, , payment card information, reservation information, , names, Social Security numbers, dates of birth, compensation information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Internal Tool and DVRVODFios Hydra and Distributed Vision Services (DVS)Verizon Wireless domain and Call Filter feature and .
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was upguard, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Vulnerability addressed by experts.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Social Security numbers, Full Name, 1.5 million customer records, Phone Number, Addresses, Call histories, reservation information, Names, Account PIN Numbers, Internal conversations, Metadata, Secret internal Verizon information, Encryption and authentication keys, Server logs, Account Records, phone numbers, DVR data, Customer Contact Information, VOD data, Metadata about communications, Fios Hydra data, Private Communications, Internal system credentials, dates of birth, Password hashes, payment card information, Unencrypted voice or text conversations, Call logs, names, Email Address, Corporate ID Numbers, Access tokens, user IDs, device names and compensation information.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 15.5M.
Ransomware Information
What was the highest ransom demanded in a ransomware incident ?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $250,000.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are UpGuard, Montana Department of Justice, KrebsOnSecurity, Vermont Office of the Attorney General and Kromtech Security Research Centre.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Misconfigured Database, Sabre Hospitality Solutions’ system, Remote Access, Security holes in Verizon's systems and Unprotected Amazon S3 bucket.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Security Vulnerabilities in Verizon’s Web site, Social Engineering, Lack of Employee Awareness, Incorrectly configured database, Security holes in Verizon's systems, Misconfiguration, Unverified JWT payload, Unauthorized access to Sabre Hospitality Solutions’ system.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Identified and remediated the security vulnerability, Vulnerability addressed by experts, Addressed within a month.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=verizon' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
