Worker advantages administration agency VeriSource Companies is warning {that a} knowledge breach uncovered the non-public data of 4 million individuals.
VeriSource is a Texas-based worker advantages administration and HR outsourcing options supplier with numerous shoppers throughout the U.S.
The agency has begun knowledge breach notifications to impacted people a couple of cybersecurity incident that occurred in February 2024, however the impression of which it took them till April 2025 to judge.
In response to VeriSource’s investigation, the incident uncovered delicate data to exterior risk actors.
“On February 28, 2024, VSI turned conscious of surprising exercise that disrupted entry to sure methods,” reads the agency’s discover shared with the authorities.
“Upon discovery, VSI instantly took steps to safe its community and engaged a number one, impartial digital forensics and incident response agency to research what occurred and whether or not any delicate knowledge might have been impacted.”
“The investigation subsequently revealed sure private data might have been acquired with out authorization by an unknown actor on or about February 27, 2024.”
The method of figuring out who had their data uncovered on account of this breach was solely concluded on April 17, 2025, and notices of a knowledge breach had been circulated on April 23.
Within the pattern VeriSource shared with Maine’s Lawyer Common’s workplacethe possibly impacted knowledge sorts embody an worker’s full identify, deal with, date of start, gender, and Social Safety quantity (SSN).
VeriSource now gives twelve months of credit score monitoring, identification safety, and identification restoration providers to these impacted.
It ought to be clarified that VeriSource made makes an attempt beforehand to tell impacted people, sending letters to 55,000 individuals in Could 2024 and one other 112,000 in September 2024. Nonetheless, these figures are removed from the overall of 4,000,000 now disclosed.
When you’ve got obtained a notification from VeriSource, even when admittedly late, it is essential to reap the benefits of the provided credit score and identification safety service as quickly as attainable and stay vigilant for phishing assaults.
BleepingComputer has discovered no VeriSource entries on ransomware extortion portals, so the precise nature of the cybersecurity incident is unclear.
