Pierluigi Paganini
April 29, 2025
VeriSource is alerting 4 million people after a February 2024 breach that exposed personal information. The data was stolen on February 27, 2024, and the incident was discovered on February 28, 2024.
The company launched an investigation into the security breach.
“April 24, 2025 – Verisource Services, Inc. (“VSI”) experienced a data security incident that involved personal information belonging to employees and dependents of companies that use VSI’s services and has provided notice of this incident to impacted individuals. On February 28, 2024, VSI became aware of unusual activity on our network environment. Upon discovering this activity, VSI immediately took steps to secure our network and launched an investigation with the assistance of independent cybersecurity experts. The investigation subsequently revealed that certain personal information was acquired without authorization on or about February 27, 2024. VSI then commenced a comprehensive review of the affected data to determine whether any sensitive data was involved and whether personal information may have been affected.” reads the notice of data breach published by the company. “On August 12, 2024, that review concluded and we confirmed that certain personal information was involved. Based on that review, an initial set of notices were issued beginning on August 20, 2024. VSI also notified its client companies and continued to work with them to collect the necessary information to notify additional individuals affected by this incident. That process was completed on April 17, 2025. We then took steps to notify impacted individuals of the incident as quickly as possible.”
The review ended on August 12, 2024, revealing personal data like names, addresses, dates of birth, gender, and/or Social Security numbers were compromised. Notifications began August 20, 2024, and were completed by April 17, 2025. Not all data types were impacted for every individual.
The employee benefit administrative services provider VeriSource Services (VSI) is notifying impacted employees and dependents.
VSI reported the breach to the FBI, HHS, and credit agencies, the company is not aware of any misuse of stolen data.
VeriSource offered free 12-month ID protection to the impacted individuals.
Impacted individuals are advised to closely monitor their debit and credit card statements for any unusual activity and promptly contact their card issuer if they notice anything suspicious.
VeriSource Services, Inc., established in 1997 and headquartered in Houston, Texas, is a privately held company specializing in employee benefits administration and enrollment solutions for employer groups. The company offers a range of services, including COBRA administration, dependent verification, ACA reporting, eligibility monitoring, consolidated billing, and direct billing services. The company leverages proprietary, rules-based technology to deliver customized, cost-effective solutions tailored to each client’s needs.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
