Verizon has notified an unknown number of its prepaid customers of a cyberattack that partially exposed their credit card information, as well as a wide variety of other personally identifiable information that could lead to identity theft.
In a letter sent to its customers, Verizon said it recently spotted unusual activity on its network, and upon further investigation, discovered a breach that occurred between October 6 and October 10, 2022.
The company did not say who was behind the attack, or how the threat actors managed to get through Verizon’s endpoints.
SIM swapping attacks
It’s unclear whether the breach resulted from malware, ransomware, or social engineering. It did say that the attackers obtained the last four digits of prepaid customers’ credit cards used to pay for the service.
The attackers used this information to access user accounts, engage in SIM swapping attacks, and steal sensitive data:
“Using the last four digits of that credit card, the third party was able to gain access to your Verizon account and may have processed an unauthorized SIM card change on the prepaid line that received the SMS linking to this notice,” the company said. “If a SIM card change occurred, Verizon has reversed it.”
Among the sensitive data stolen were names, phone numbers, postal addresses, price plans, and other service-related information.
However, Verizon have confirmed that banking data, financial data, passwords, Social Security numbers and tax IDs were not accessed.
While the company did reset the PIN codes for all affected customers, it also suggested that users review sensitive login information for themselves.
“Set a new Verizon PIN code. Do not reuse a previous PIN, and be sure to pick a unique PIN that is not used to secure other non-Verizon accounts. Set a new password and new secret question and answer for users with access to your My Verizon online account.”
Via: BleepingComputer (opens in new tab)