Worker advantages administration agency VeriSource Companies is warning {that a} information breach uncovered the private data of 4 million folks.
VeriSource is a Texas-based worker advantages administration and HR outsourcing options supplier with various purchasers throughout the U.S.
The agency has begun information breach notifications to impacted people a few cybersecurity incident that occurred in February 2024, however the impression of which it took them till April 2025 to guage.
In line with VeriSource’s investigation, the incident uncovered delicate data to exterior menace actors.
“On February 28, 2024, VSI grew to become conscious of surprising exercise that disrupted entry to sure methods,” reads the agency’s discover shared with the authorities.
“Upon discovery, VSI instantly took steps to safe its community and engaged a number one, impartial digital forensics and incident response agency to analyze what occurred and whether or not any delicate information might have been impacted.”
“The investigation subsequently revealed sure private data might have been acquired with out authorization by an unknown actor on or about February 27, 2024.”
The method of figuring out who had their data uncovered on account of this breach was solely concluded on April 17, 2025, and notices of a knowledge breach had been circulated on April 23.
Within the pattern VeriSource shared with Maine’s Lawyer Normal’s workplace, the possibly impacted information varieties embrace an worker’s full identify, tackle, date of start, gender, and Social Safety quantity (SSN).
VeriSource now affords twelve months of credit score monitoring, identification safety, and identification restoration providers to these impacted.
It ought to be clarified that VeriSource made makes an attempt beforehand to tell impacted people, sending letters to 55,000 folks in Might 2024 and one other 112,000 in September 2024. Nevertheless, these figures are removed from the entire of 4,000,000 now disclosed.
When you’ve got obtained a notification from VeriSource, even when admittedly late, it is essential to make the most of the supplied credit score and identification safety service as quickly as doable and stay vigilant for phishing assaults.
BleepingComputer has discovered no VeriSource entries on ransomware extortion portals, so the precise nature of the cybersecurity incident is unclear.
