Verizon to pay $16 million fine for TracFone security breaches

A series of cyber incidents led to a large-scale data leak of the company's customers.

Verizon has agreed to pay a $16 million fine to the U.S. Federal Communications Commission (FCC) in connection with three cases of data leaks at its TracFone Wireless subsidiary following its acquisition in 2021. TracFone provides telecommunications services through Total by Verizon Wireless, Straight Talk, and Walmart Family Mobile.

TracFone's data breaches occurred between 2021 and 2023 and included three separate incidents. The first incident, called "Cross-Brand", was publicly disclosed by TracFone itself on January 14, 2022. The company discovered the leak in December 2021, but an investigation showed that the attackers had access to customer data for almost a whole year, from January 2021.

During that time the attackers gained access to confidential information, including personally identifiable information (PII) and customer proprietary network information (CPNI), which allowed them to approve unauthorized requests to transfer numbers.

Two other incidents involving TracFone order sites were disclosed on December 20, 2022 and January 13, 2023. In both cases, unauthorized attackers exploited a vulnerability to access order information, including CPNI and other customer data.

In addition to a significant monetary fine, the company is required to implement measures to improve the security of its customers' data. According to the signed agreement, TracFone must implement the following protective measures by February 28, 2025:
  • Develop an information security program to reduce API vulnerabilities by complying with NIST and OWASP standards, implement secure API controls, and regularly test and update security measures.
  • Implement protection for SIM card changes and number transfer requests, including secure authentication, notifying customers of such requests, and providing PIN codes for transferring numbers.
  • Conduct annual information security assessments to verify the effectiveness of the program, as well as independent external evaluations every two years.
  • Organize annual privacy and security training for employees to improve their ability to protect customer data and comply with security protocols.

This series of data leaks highlights the importance of constant attention to information security and timely response to identified cyber threats. Despite the serious consequences for the company and its customers, the measures taken and the implementation of new security standards demonstrate the willingness of Verizon and TracFone to improve data protection and prevent similar incidents in the future.
