Total Wireless Data Breach Exposes Promotion Customers' ID Verification Data

On Dec. 10, 2025, Total Wireless, a prepaid wireless carrier owned by Verizon, was made aware of a data breach involving its identity verification service provider, Veriff. According to disclosures filed with multiple state attorneys general, the breach occurred on Nov. 18, 2025, and impacted a total of 8,583 Total Wireless customers across the United States.

Of those affected, 13 were Maine residents and 128 were Massachusetts residents, as confirmed in filings with the Maine Attorney General and Massachusetts Office of Consumer Affairs and Business Regulation. The incident was also reported to the California Attorney General and Vermont Attorney General.

The exposed information includes images of government-issued IDs (such as driver’s licenses), postal addresses and dates of birth. The breach specifically affected customers who provided their identification to Veriff for a Total Wireless promotion.

Total Wireless learned about the breach from Veriff, which provided details about the impacted individuals. The company began notifying affected consumers by written notice on Jan. 9, 2026, in accordance with state law.

Total Wireless's response

Upon being notified of the incident, Total Wireless worked closely with Veriff to identify the individuals whose information was compromised. Veriff took steps to secure its systems, determined the nature of the unauthorized access and retained a cybersecurity firm to assist with the investigation. Total Wireless also notified law enforcement authorities.

To support affected customers, Total Wireless is offering free identity protection and credit monitoring services for one year through Experian IdentityWorks. This service includes credit monitoring across the three major credit bureaus, identity restoration assistance and up to $1 million in identity theft insurance. Affected individuals are encouraged to enroll in these services by April 30, 2026, and to remain vigilant by reviewing account statements and credit reports for any suspicious activity.

Given the nature of the breach—exposure of sensitive identification documents and personal data—customers should be cautious of unsolicited communications and avoid clicking on suspicious links or providing personal information in response to unexpected requests. It is also recommended to consider placing a fraud alert or security freeze on credit files and to promptly report any signs of identity theft to the Federal Trade Commission, law enforcement and state attorney general offices.