CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases.
The company informs that a threat actor exploited a vulnerability in one of its web pages and was able to steal customer data between June 2 and June 21.
CBIZ is a management consulting company that provides financial and benefits and insurance services to various organizations and individual customers.
The organization on June 24 discovered the intrusion and learned of the compromise following an investigation with the help of cybersecurity professionals.
“On June 24, 2024, CBIZ learned that an unauthorized party may have acquired information from certain databases,” reads the notification.
“CBIZ’s investigation determined that an unauthorized party was able to exploit a vulnerability associated with one of its web pages and acquired information from certain databases between June 2, 2024, and June 21, 2024,” the company says.
Hackers stole information belonging to nearly 36,000 individuals, which includes:
- Name
- Contact details
- Social Security number
- Date of birth/death
- Retiree health information
- Welfare plan information
CBIZ is one of the largest professional services companies in the United States, offering accounting and tax services, insurance solutions, business advisory services, and human resources services.
The company operates 120 offices across the country and employs 6,700 people. In 2023, it recorded a revenue of $1.59 billion.
CBIZ clients confirmed to have been impacted by this incident started to receive personalized notifications on August 28, 2024.
Although the company has no evidence that data stolen in the data breach has been misused, CBIZ provides in the disclosure guidance on how to enroll in a two-year credit monitoring and identity theft protection service to reduce potential risk.
Additionally, impacted clients are advised to consider placing a credit/security freeze and adding a fraud alert to their credit report.
Source: www.bleepingcomputer.com