VeriSource data breach impacted about 4 million individuals

Houston, Texas-based employee benefit service provider, VeriSource Services, said that a cyber attack it suffered last year compromised the sensitive personal information of 4 million individuals.

 

VeriSource announced in February last year that said that it identified unusual activities in its internal network and launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to secure the affected network and notified law enforcement authorities about the incident.

 

“The investigation subsequently revealed that certain personal information was acquired without authorisation on February 27, 2024,” VeriSource said.

 

“VSI then commenced a comprehensive review of the affected data to determine whether any personal information may have been affected. On August 12, 2024, that review concluded and VSI confirmed that certain personal information was involved.”

 

The compromised data included names, dates of birth, and Social Security numbers. 

 

Initially, VeriSource, in its filing with the U.S. Department of Health and Human Services Office said that it has identified 112,726 individuals impacted by the incident. However, in a fresh filing with the Maine state regulator, the company said that at least 4,000,000 individuals were impacted by the incident.

 

“As soon as the incident was discovered, VSI notified the Federal Bureau of Investigation and will provide whatever cooperation is necessary to hold the perpetrators accountable. VSI also notified the U.S. Health and Human Services Office for Civil Rights and consumer reporting agencies of this incident. VSI is also taking additional steps to prevent a similar event from occurring in the future,” the company added.

 

While VeriSource found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services through IDX to all affected individuals.