Major Telecom Provider Confirms SIM-Swap Attack Affected 500,000 Subscribers

US telecommunications giant VeriConnect has disclosed that a sophisticated insider-assisted SIM-swap operation compromised approximately 500,000 subscriber accounts over a six-month period from August 2025 through January 2026.

The operation involved a criminal network that recruited and bribed VeriConnect retail store employees to perform unauthorized SIM swaps. The compromised employee accounts had elevated privileges that bypassed normal verification procedures, including the company's recently implemented AI-based fraud detection system.

Affected subscribers had their phone numbers temporarily transferred to attacker-controlled SIM cards, enabling the criminals to intercept SMS-based two-factor authentication codes. The FBI has identified at least $23 million in cryptocurrency theft directly linked to these SIM swaps.

VeriConnect has terminated 47 employees implicated in the scheme and implemented new biometric verification requirements for all SIM swap requests. The company is also deploying a new system that requires customers to confirm SIM changes through an authenticated app notification.

The FCC has announced an investigation and may impose significant fines under its recently strengthened SIM-swap prevention rules. Several affected cryptocurrency investors have filed a class-action lawsuit seeking damages from VeriConnect for negligent security practices.