CBIZ says web page breach led to theft of customer data
Financial management and consultancy firm CBIZ was hit by a cyber attack, resulting in the loss of sensitive customer data.
In a data breach notice posted on CBIZ’s website earlier this week, CBIZ said that between June 2 and June 21, an anonymous threat actor found and exploited a vulnerability in one of CBIZ’s web pages. They used the vulnerability to extract sensitive customer data stored “in certain databases.” It is not known how many people were affected.
When the company learned of the incident on June 24, it engaged outside cybersecurity professionals to investigate and assess the damage. The results showed that “individuals associated with multiple CBIZ customers” were affected by the incident.
Identity theft protection
“The information varied by CBIZ customer and included information related to retiree health and welfare plans, which, depending on the individual, may include their name, contact information, Social Security number, date of birth and/or date of death,” the announcement said.
A month later, on August 28, the company began contacting affected individuals to notify them of the incident. In the letter, the company offered two years of free credit monitoring and identity theft protection to people whose Social Security numbers had been compromised.
“CBIZ takes its responsibility to protect information very seriously,” the announcement concludes. “To help prevent a similar incident from happening again, CBIZ has fixed the vulnerability and implemented measures to further enhance the security of its systems. CBIZ is also working closely with law enforcement.”
So far, there is no evidence that the stolen data has been misused, and no cybercriminals have claimed responsibility for the attack.
With over 120 offices in the United States and over 6,700 employees, CBIZ is one of the largest organizations in its industry. It offers tax services, insurance, business consulting and staffing services. According to BleepingComputer, its revenue last year was $0.159 billion.