Total Wireless Data Breach Class Actions (Veriff Hack)
Data Breach · Lawsuit Filed

Total Wireless Data Breach Class Actions Filed After a Hack at ID-Verification Vendor Veriff

Published July 9, 2026

To sign up with Total Wireless, some customers uploaded a photo of their driver's license. A hack at the vendor that checked those IDs is now the subject of class action litigation.

Mobile phones — the Total Wireless / Veriff data breach class action over exposed ID images
A breach at Veriff, the ID-verification vendor used by Total Wireless, exposed customers' government-ID images.
Allegations Only · No Settlement Yet

This article describes class action complaints and reported breach details. The statements below are unproven allegations or reported facts. No defendant has been found liable, there is no certified class, and nothing to claim at this time. This page is informational and is not legal advice.

What Is This About?

Customers of Total Wireless — a Verizon prepaid brand — had personal information exposed in a data breach, and class action litigation has followed. As with many breaches, the weak point was a vendor: the exposed data came from Veriff, the identity-verification company Total Wireless used to check customers' IDs during a promotion and sign-up flow, not from Total Wireless's own network. Proposed class actions have reportedly been filed in the U.S. District Court for the Southern District of New York naming Veriff (the Estonian entity Veriff OÜ) and Total Wireless — reported as Stockton v. Veriff OÜ, No. 1:26-cv-00520, and related cases.

The core facts of the breach itself are documented in a state breach-notification filing; the exact court docket numbers above come from legal-news reporting and are noted as reported pending a court-record confirmation. Either way, the litigation is at its earliest stage: the allegations are unproven, no class has been certified, and there is no settlement and nothing to claim. This is a new incident and is not the same as the older 2021 TracFone data breach settlement.

Status Complaints Reportedly Filed Reported in S.D.N.Y. against Veriff OÜ & Total Wireless · early 2026
People Affected ~8,583 U.S. consumers Company-reported (incl. 13 Maine residents per the Maine AG) — a small, defined incident
Reportedly Exposed Government-ID images (e.g., driver's licenses), addresses & dates of birth From a Total Wireless ID-verification step · no Social Security or financial data reported
Can I Claim? No — nothing to claim yet Total Wireless is offering 1 year of free Experian identity protection

The Breach

According to the breach notices, a threat actor used a phishing site to steal a Veriff employee's login credentials around November 18, 2025. Veriff detected the issue and notified Total Wireless by around December 10, 2025, and customer notifications began in January 2026 — the same month Total Wireless filed a notice with the Maine Attorney General. The company-reported total is 8,583 affected U.S. consumers, including 13 Maine residents.

The exposed information reportedly consisted of images of government-issued IDs, such as driver's licenses, along with mailing addresses and dates of birth — the material customers submit to prove their identity when activating service or claiming a promotion. Plaintiffs allege the data was stored unencrypted and unredacted, which is a claim from the complaints rather than a confirmed fact. Notably, no Social Security numbers or financial-account information have been reported in this incident, which distinguishes it from many larger breaches. Total Wireless has said its own systems were not affected; the exposure originated at Veriff.

What the Lawsuits Allege

The proposed class actions plead negligence and negligence per se: that Veriff and Total Wireless failed to implement and maintain adequate data-security measures, stored sensitive ID data in an insecure form, and left customers exposed to identity theft. Because government-ID images can be used to open accounts or pass identity checks elsewhere, ID-document exposure is a real fraud concern even without Social Security numbers. Plaintiffs seek damages, longer-term identity monitoring, and security improvements. The defendants have not answered on the merits, and none of the claims has been tested — treat the attacker narrative and the security allegations as reported/alleged.

Not the Same as the Old TracFone Settlement

Because Total Wireless is part of the TracFone/Verizon prepaid family, this is easy to confuse with a settlement OCA already covers — but they are different. The TracFone data breach settlement relates to a 2021 incident and its claim deadline passed in August 2025. The Total Wireless/Veriff matter is a separate November 2025 breach with its own new litigation and no settlement. If you are looking to file a claim for the old TracFone case, that window has closed; nothing about this new case reopens it.

What Should Affected Customers Do?

If you received a notice, enroll in the free identity-protection and credit monitoring Total Wireless is offering through Experian — it includes identity-restoration help and identity-theft insurance. Because government-ID images were reportedly exposed, be alert to identity-verification fraud: watch for new accounts or service opened in your name, and treat unexpected requests to "confirm" your identity with suspicion. A fraud alert with the credit bureaus is a reasonable precaution. Keep any notice you receive; if a settlement is reached later, that notice is typically how class members file. For how these cases usually unfold, see our data breach coverage.

This page is informational and is not legal advice.

Frequently Asked Questions

What happened in the Total Wireless / Veriff data breach?

A threat actor reportedly phished a Veriff employee's credentials around November 18, 2025. Veriff is the ID-verification vendor Total Wireless used; the exposed data came from Veriff's systems and reportedly included government-ID images, addresses, and birthdates for about 8,583 U.S. consumers.

Was my Social Security number exposed?

No SSN or financial-account exposure has been reported in this incident — the reported data was ID images, addresses, and birthdates. That differs from the older 2021 TracFone breach.

Is this the same as the old TracFone data breach settlement?

No. This is a new, separate November 2025 Veriff/Total Wireless incident. The TracFone settlement relates to a 2021 breach and its claim deadline passed in August 2025.

Is there a settlement or money to claim?

No. The litigation is at the complaint stage — no class certified, no settlement, no fund, no claim form. Total Wireless is offering one year of free Experian identity protection, separate from any lawsuit.

Sources

Maine Attorney General — Total Wireless / Veriff Data Breach Notice
CyberInsider — Total Wireless Breach Exposing Customer Data
teiss — Data Security Incident at Veriff Impacted Total Wireless Customers


For more class actions keep scrolling below.
Status Complaints reportedly filed — no class certified, no settlement
Reported Case Stockton v. Veriff OÜ (and related), reported No. 1:26-cv-00520 — pending court-record confirmation
Court U.S. District Court, Southern District of New York (as reported)
Defendants Veriff OÜ (ID-verification vendor) & Total Wireless (Verizon prepaid brand)
People Affected ~8,583 U.S. consumers (company-reported)
Data Exposed Government-ID images, addresses, dates of birth (no SSN/financial reported)
Official Source Maine AG Breach Notice

More Data Breach Cases