CBIZ Benefits & Insurance Services (CBIZ) recently disclosed a data breach resulting from unauthorized access to client information stored in certain databases. The CBIZ data breach, which occurred between June 2, 2024, and June 21, 2024, involved a threat actor exploiting a vulnerability in one of CBIZ’s web pages.
“CBIZ’s investigation determined that an unauthorized party was able to exploit a vulnerability associated with one of its web pages, and acquired information from certain databases between June 2, 2024 and June 21, 2024,” reads the official notice.
Details of CBIZ Data Breach
According to the official notice, on June 24, 2024, CBIZ discovered that an unauthorized party might have accessed information from specific databases. Following this discovery, the company promptly launched an investigation with the assistance of cybersecurity professionals to determine the extent of the CBIZ data breach and identify the compromised data.
CBIZ conducted a review of the data acquired and determined that individuals associated with multiple CBIZ clients were impacted by the incident,” reads the official notice from CBIZ.
The data breach at CBIZ impacted individuals associated with multiple CBIZ clients, specifically involving data related to retiree health and welfare plans. Depending on the individual, the compromised data may have included their name, contact information, social security number, date of birth, and, in some cases, date of death.
CBIZ’s Response and Notification Efforts
Upon identifying the breach, CBIZ conducted a thorough review of the acquired data to assess the impact on its clients. Starting on July 24, 2024, CBIZ began notifying affected clients about the incident and providing details about the compromised data specific to each client.
By August 28, 2024, CBIZ had mailed letters to the affected individuals on behalf of its clients, informing them of the breach and outlining the steps being taken to protect their information.
To mitigate the potential consequences of the breach, CBIZ has offered two years of complimentary credit monitoring and identity theft protection services for individuals whose Social Security numbers were involved in the incident.
“CBIZ has offered two years of complimentary credit monitoring and identity theft protection services for individuals whose Social Security number was involved,” informed CBIZ.
Security Measures and Ongoing Investigation
The company has addressed the vulnerability that allowed the breach and has implemented additional security measures to enhance the protection of its systems. Furthermore, CBIZ is working closely with law enforcement agencies to investigate the breach and bring the responsible parties to justice.
Despite the seriousness of the breach, CBIZ has reported no evidence of misuse of any individual’s information resulting from the incident. However, the company continues to monitor the situation closely and is providing resources to affected individuals to help them protect their information.
Advice for Affected Individuals in CBIZ Data Breach
CBIZ advises all potentially affected individuals to remain vigilant against fraud or identity theft. It is recommended that individuals review their account statements and free credit reports regularly over the next 12 months to check for any unauthorized activity.
Individuals can obtain a free copy of their credit report once every 12 months from each of the three nationwide credit reporting companies.
As the investigation in CBIZ data breach continues, company is likely to implement further enhancements to its security infrastructure to safeguard against future breaches and maintain the trust of its clients.