An alleged Verizon data breach has seen hackers offering for sale a database of 61 million customer records, which includes personal information useful for both phishing attempts and identity theft. Update: Verizon told us it has checked the data and it is not from its customers – see the end of the piece. The sample data supplied includes name, full postal address, date of birth, email address, phone number(s), tax identification code, and other ID codes. Security researchers at SafetyDetectives said that the data was being offered for sale, but the samples posted were too small to confirm the veracity. They could only say that it appeared to be legitimate, originating in 2025. The team says that if the data is genuine, it poses four risks to customers. Identity Theft: With this type of data, attackers are more likely to successfully impersonate an individual to open bank accounts, apply for loans, or file fraudulent tax returns in their name. Targeted Social Engineering or Phishing Attacks: Knowing detailed personal information allows attackers to craft highly convincing scams via email, phone, or text. These scams typically aim to trick individuals into revealing more sensitive data or making harmful decisions. Financial Fraud: Tax ID and address data can be used to access or attempt to reset online banking or financial service accounts, potentially leading to unauthorized transactions. Account Takeover or Credential Recovery Abuse: Many online services use phone numbers and personal details like DOB for identity verification. With this data, attackers may reset passwords and take over accounts such as email, social media, or e-commerce platforms. You should always be cautious of unexpected communications claiming to be from service providers and banks, even if they quote information intended to assure you they are genuine. If you’re not expecting a call or email, always contact the company via a known good phone number. You’ll find other steps you can take to protect yourself in our recent piece: Verizon statement Verizon has now told us: We are aware of an issue in which a threat actor posted a data set claiming to be that of Verizon customers on the dark web. We have examined the postings and have determined that it is old data, previously posted on the dark web, and is not affiliated with our Company or customers. Additionally, this threat actor recently made similar claims about other major U.S. wireless companies. At this point, there’s no need to notify customers and there’s no impact to Verizon or its customers. Highlighted deals Photo by José Matute on Unsplash