Total Wireless & Veriff Data Breach 2026, Three Class Actions Filed After Government IDs Stolen in Identity Verification Hack
Three class action lawsuits filed in the U.S. District Court for the Southern District of New York allege that Total Wireless and its identity verification provider Veriff failed to adequately protect customers’ personally identifiable information from a November 2025 data breach. Exposed data includes images of government-issued identification documents, mailing addresses, and dates of birth — collected during an identity verification process for a Total Wireless promotion. A total of 8,583 U.S. consumers were affected. No settlement exists. No claim form is available. Three cases are now active in federal court.
Quick Facts
- Case names:
- Stockton v. Veriff OU, et al. — Case No. 1:26-cv-00520
- Reed v. Veriff OU, et al. — Case No. 1:26-cv-00465
- McLaughlin v. Veriff OU, et al. — Case No. 1:26-cv-00566
- Court: U.S. District Court, Southern District of New York
- Defendants: Veriff OÜ and Total Wireless
- Breach date: November 18, 2025
- Discovery date: December 10, 2025
- Notification date: January 9, 2026
- People affected: 8,583 U.S. consumers
- Data exposed: Government-issued ID images, addresses, dates of birth
- Settlement: ❌ None
- Claim form: ❌ None available
- Free protection offered: ✅ 12 months Experian IdentityWorks
- Total Wireless owner: Verizon (prepaid brand)
Current Status
All three lawsuits were filed in early 2026 and are at the earliest litigation stage. No class has been certified. No trial dates have been set. No defendants have answered the complaints.
No settlement. No claim form. No payment available. This page will be updated when any settlement or claim process opens.
What Happened
In December 2025, Total Wireless learned of a security incident involving consumer information after its identity verification service provider, Veriff, notified the company that an unauthorized party had accessed certain customer data. Veriff informed Total Wireless on December 10, 2025.
Unauthorized access took place on or around November 18, 2025, and was detected on December 10, 2025. Total Wireless filed an official notice with the Maine Attorney General on January 9, 2026.
The affected information originated entirely from Veriff’s systems. Total Wireless confirms its own systems were not impacted. Following the breach, Veriff secured its systems and engaged a cybersecurity firm to investigate the incident.
What Is Veriff?
Veriff is a global provider of AI-powered identity verification technology, commonly used by online services to confirm users’ identities via ID document scans and facial recognition. Total Wireless used Veriff specifically to verify customer identities in connection with certain promotional offers.
What Data Was Exposed
The information potentially involved includes images of government-issued identification documents used for identity verification, as well as associated personal information such as mailing addresses and dates of birth.
If you provided a government-issued ID to Veriff for a Total Wireless promotion, this information may have been accessed by the unauthorized party. Government ID images are among the most sensitive data types a consumer can expose — they cannot be changed like a password or account number and create lifetime identity theft risk.
Who Could Be Included
The plaintiffs seek to represent a nationwide class of individuals residing in the United States whose PII was accessed and/or acquired by an unauthorized party as a result of the data breach and who received a notice letter from the defendants.
You may qualify if:
- You are a U.S. consumer who submitted a government-issued ID to Veriff as part of a Total Wireless promotional offer
- You received a data breach notification letter from Total Wireless in January 2026
- You are among the 8,583 total U.S. consumers affected, including residents of Maine, Massachusetts, New Hampshire, and Texas
What the Lawsuits Allege
All three plaintiffs argue Veriff and Total Wireless were negligent in protecting the PII of their customers, which was left unencrypted and unredacted.
Plaintiff Trina Stockton, a Colorado resident, claims Veriff and Total Wireless failed to implement and maintain adequate data security measures, leaving their customers vulnerable to identity theft and fraud.
Plaintiff Dustine Reed, an Ohio resident, alleges the present and continuing risk of identity theft and fraud to victims of the data breach will remain for their respective lifetimes. “Hackers targeted and obtained the plaintiff’s and class members’ private information because of its value in exploiting and stealing the identities of the plaintiff and class members,” his complaint states.
Free Protection Total Wireless Is Offering
Total Wireless is offering affected consumers a free one-year subscription to Experian IdentityWorks. The package includes credit monitoring across all three major credit bureaus, identity restoration support, and up to $1 million in identity theft insurance.
If you received a breach notification letter, enroll in Experian IdentityWorks using the instructions provided before the deadline stated in your individual letter.
Related article: Sig Sauer P320 Class Action Lawsuit 2026, ‘Extraordinarily Dangerous’ Pistol Fires Without Trigger Pull, Washington Owners Can Join
What Affected Consumers Should Do Now
1. Enroll in free Experian IdentityWorks using the code in your notification letter before the deadline.
2. Place a credit freeze at all three major bureaus — Equifax, Experian, and TransUnion — at no cost. This blocks new accounts from being opened in your name.
3. Set up a fraud alert. A one-year fraud alert placed with any bureau is automatically shared with the other two.
4. Monitor for phishing. Stolen government ID images enable highly targeted impersonation scams. Be skeptical of unsolicited calls, emails, or texts claiming to be from Total Wireless, Verizon, or government agencies.
5. Contact a data breach attorney for a free consultation if your information was compromised. Most firms handle these cases at no upfront cost.
Broader Context: Identity Verification Vendors Are a Growing Target
The Total Wireless breach is part of a broader pattern of attacks targeting third-party identity verification infrastructure. In December 2025, Veriff’s systems were compromised in an unauthorized access incident — one of several identity verification vendors breached within an 18-month window.
Total Wireless is a prepaid mobile service provider owned by Verizon, operating under Verizon’s Value portfolio alongside Straight Talk, Visible, TracFone, Simple Mobile, SafeLink, Walmart Family Mobile, and Verizon Prepaid. The breach is notable because it stems entirely from a vendor relationship — not any internal security failure at Total Wireless itself.
For related telecom breach coverage with active legal proceedings, see AllAboutLawyer.com’s reporting on the AT&T $177M Data Breach Settlement — where a third-party cloud vendor breach affecting 73 million customers resulted in one of the largest telecom settlements in U.S. history — and the Conduent Data Breach, another third-party vendor attack affecting over 14 million consumers with free credit monitoring enrollment open through March 31, 2026.
FAQs
Is there a Total Wireless settlement I can file a claim in?
No. Three class action lawsuits were filed in early 2026 but no settlement has been reached. No claim form or settlement website exists. Check back here for updates.
Was Total Wireless’s own system hacked?
No. The breach occurred entirely within Veriff’s systems. Total Wireless confirms its own systems were not impacted by the incident.
What data was stolen?
Images of government-issued identification documents submitted for identity verification, plus associated personal information including mailing addresses and dates of birth.
How many people were affected?
8,583 U.S. consumers in total, including 13 in Maine, 128 in Massachusetts, 20 in New Hampshire, and 1,095 in Texas.
I submitted my ID for a Total Wireless promotion but didn’t get a letter. Am I affected?
Contact Total Wireless customer service directly. If you submitted a government-issued ID for any Total Wireless promotional offer and have not received a notification letter, request confirmation of whether your data was included in the breach.
What is Veriff’s response?
A Veriff spokesperson stated: “Veriff provides trust infrastructure to some of the world’s largest brands and maintains rigorous security standards. We urge all customers to review security protocols and recommendations, including SSO, IP whitelisting, and the least access principle.” Veriff has not admitted wrongdoing.
Can I sue Total Wireless even though it wasn’t their system?
Yes. All three class action lawsuits name both Total Wireless and Veriff as defendants. Plaintiffs allege Total Wireless had a duty to ensure its vendor maintained adequate data security practices to protect information it collected on Total Wireless’s behalf.
By AllAboutLawyer.com Staff | Last Updated: March 5, 2026
This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah