CBIZ, a leading financial management and consulting firm, suffered a cyberattack in which it lost confidential client data.
In a data breach notification letter posted on its website earlier this week, CBIZ said that between June 2 and June 21, an anonymous threat actor found and exploited a vulnerability in one of its web pages. They used that vulnerability to extract sensitive customer information that was stored “in certain databases.” We don’t know how many people are affected.
When the company learned of the incident on June 24, it engaged outside cybersecurity professionals to investigate and assess the damage. The results have shown that the incident affected “individuals associated with multiple CBIZ clients.”
Identity theft protection
“The information varied by CBIZ customer and included information related to retiree health and welfare plans that, depending on the individual, could include their name, contact information, Social Security number, date of birth and/or date of death,” the announcement reads.
A month later, on August 28, the company began contacting affected individuals and notifying them of the incident. In the letter, the company offered two years of free credit monitoring and identity theft protection services to people whose Social Security numbers were compromised.
“CBIZ takes its responsibility to protect information very seriously,” the statement concluded. “To help ensure that a similar incident does not occur again, CBIZ has patched the vulnerability and implemented measures to further enhance the security of its systems, and CBIZ is also working closely with law enforcement authorities.”
So far, there is no evidence that the stolen data has been misused, and no threat actor has yet claimed responsibility for the attack.
With more than 120 offices in the United States and more than 6,700 employees, CBIZ is one of the largest organizations in its sector. It offers tax services, insurance, business consulting and human resources services. According to BleepingComputer, its revenue last year was $159 billion.
