Financial management and consulting powerhouse CBIZ suffered a cyberattack in which it lost sensitive customer data.
In a data breach notification letter it posted on its website earlier this week, CBIZ said that between June 2 and June 21, an unnamed threat actor found and exploited a vulnerability in one of its web pages. They used that vulnerability to extract sensitive customer information that was stored “in certain databases”. We don’t know how many people are affected.
When the company learned about the incident, on June 24, it brought in third-party cybersecurity professionals to investigate and assess the damage. The results have shown that “individuals associated with multiple CBIZ clients” were impacted by the incident.
Identity theft protection
“The information varied by CBIZ client and included information related to retiree health and welfare plans which, depending on the individual, may have included their name, contact information, Social Security number, date of birth, and/or date of death,” the announcement reads.
A month later, on August 28, the company started reaching out to affected individuals and notifying them of the incident. In the letter, the company offered two years of complimentary credit monitoring and identity theft protection services to people whose Social Security numbers were compromised.
“CBIZ takes the responsibility of safeguarding information very seriously,” the announcement concludes. “To help ensure a similar incident does not reoccur CBIZ has fixed the vulnerability and implemented measures to further enhance the security of its systems, and CBIZ is also working closely with law enforcement.”
So far, there is no evidence of the stolen data being misused, and at the present time, no threat actors have assumed responsibility for the attack.
With more than 120 offices in the United States, and more than 6,700 employees, CBIZ is one of the largest organizations in its industry. It offers tax services, insurance, business advice, and human resources services. According to BleepingComputer, its revenue last year was $.159 billion.