A recent data breach has compromised the personal information of 8,583 Total Wireless customers, according to disclosure letters sent by the company.
The incident originated not within Total Wireless itself, but through a compromise of its third-party identity verification provider, Veriff.
Veriff notified Total Wireless of the unauthorized access on December 10, 2025, confirming that an external threat actor had obtained customer data from its systems. The breached data includes images of government-issued identification provided by users during an identity verification process for a Total Wireless promotion. In some cases, the exposed information also includes postal addresses and dates of birth.
Total Wireless is a prepaid mobile service provider that operates under Verizon's ownership. It caters to cost-conscious consumers in the United States, offering no-contract plans through retail partners and online. The brand, which was previously part of TracFone Wireless, was integrated under Verizon following its 2021 acquisition of TracFone from América Móvil.
The compromised identity verification service, Veriff, is a global provider of AI-powered identity verification technology. It is commonly used by online services to confirm users' identities via ID document scans and facial recognition. In response to the breach, Veriff reportedly secured its systems, investigated the root cause, and brought in a cybersecurity firm to assist with mitigation efforts.
While Total Wireless emphasized that its own systems were not impacted, it has informed law enforcement and is offering affected individuals a one-year subscription to Experian IdentityWorks, which includes credit monitoring, identity restoration assistance, and fraud detection tools. Customers are being advised to remain vigilant, review their credit reports, and report any suspicious activity immediately.
CyberInsider has not found any related disclosures on ransomware group sites or data leaks on hacker forums, so the type of the compromise and perpetrators have not been determined.
Article updated on 2/13 to include statement from Veriff spokesperson
“This incident resulted from phishing attacks seeking to exploit Veriff customers who have not fully implemented available security measures on their accounts. Veriff’s customers who have followed the security recommendations we provide have NOT been affected. In this case made public, a customer’s employee had their credentials compromised by using a phishing site.”
“Veriff provides trust infrastructure to some of the world’s largest brands and maintains rigorous security standards. While Veriff will always strive to take maximum responsibility for the level of trust delivered to the customers of its customers, we share this duty with our customers. We urge all customers to review the security protocols and recommendations, including SSO, IP whitelisting, least access principle, etc, and to ensure employees are aware of the risks and follow appropriate procedures when interacting with the Veriff portal.” – Veriff spokesperson
Leave a Reply