CBIZ Benefits & Insurance Services (CBIZ) disclosed a data breach incident that involved the unauthorised access of threat actors that exposed the client information stored in some of the company’s databases.
Based on reports, an unknown individual exploited a vulnerability in one of the company’s web pages between June 2 and June 21. The exploitation allowed the unauthorised actor to steal customer data.
This affected company is a management consulting entity offering various corporate and individual benefits and financial and insurance services. It is one of the leading professional service firms in the United States since it provides accounting and tax services, insurance solutions, business consultancy services, and human resource services.
The corporation has 120 offices throughout the country and employs 6,700 employees. Malicious individuals might have taken a liking to attacking the company since it generated $1.59 billion in sales last year.
On June 24, the business identified the breach and spotted the compromise after investigating with the assistance of a third-party security provider. The company claimed that the attacker may have acquired information from specific databases on June 24, causing concern to relevant individuals affected by the attack.
CBIZ confirmed that the alleged threat actors have stolen data that could impact more than 30,000 individuals.
The CBIZ investigation disclosed that the threat actors stole information that compromised approximately 36,000 people. In addition, the investigation confirmed that the attack nabbed various information, including names, contact information, Social Security numbers, dates of birth, dates of death, Retiree Health Information, and welfare plan information.
On the other hand, CBIZ has started to roll out specially crafted notification letters to clients who were confirmed to have been affected by this incident.
Although there is no evidence that the stolen data in the data breach was misused, CBIZ’s disclosure still included instructions on enrolling in a 24-month credit monitoring and identity theft protection plan to mitigate or prevent possible risks.
Potentially impacted clients may consider placing a credit/security freeze and issuing a fraud alert to their credit report, as the attackers could strike at any moment using the stolen information from the data breach incident.