Hackers claim 6.3 million customer records stolen from Verizon retail partner Russell Cellular

A dataset allegedly containing more than 6.3 million customer records linked to Russell Cellular, a major U.S. wireless retailer and authorized seller of Verizon services, is being offered for sale online for $1,200, raising concerns about a potential large-scale telecom data breach.

Russell Cellular, which operates more than 750 retail locations nationwide and employs over 2,000 people, is described as one of the largest Verizon authorized retailers in the United States. The dataset, advertised on a known hacker forum, is said to total დაახლოებით 61 GB and span 209 database tables.

The threat actor behind the listing claims the trove includes a wide range of sensitive customer and employee information. The allegedly exposed data contains full names, phone numbers, email addresses, account numbers, device identifiers such as ESN and IMEI numbers, invoice and tracking records, contract details, device models, and selected tariff plans.

The dataset is also said to include employee-related information, including usernames, passwords, and access roles. Samples shared alongside the listing appear to show structured records resembling customer profiles and internal employee data. Some of the employee credentials appear in plaintext, while others are hashed, indicating potential exposure of internal systems.

Security researchers examining the samples identified patterns consistent with legitimate datasets, heightening concerns about the potential misuse of the information. The exposure of employee credentials increases the risk of unauthorized system access, credential reuse attacks, and broader compromise attempts. The availability of detailed customer and employee data could also enable targeted social engineering and reconnaissance activities.

The authenticity of the dataset and the exact source of the alleged breach remain unconfirmed. It is not yet clear whether the data originated from Russell Cellular’s internal systems or from a third-party service provider connected to its operations.

Verizon, a U.S.-based telecommunications company whose services are sold through Russell Cellular, has acknowledged awareness of a potential threat involving customer data linked to a third-party retailer. The company has initiated an investigation and is working with the retailer to determine the scope and impact of the incident. Further updates are expected as the investigation progresses.