4 Million Social Security Numbers May Have Been Leaked in Employee Benefits Company Breach
VeriSource Services, an employee benefits company, recently disclosed that a February 2024 data breach has compromised the personal identifiable data of 4 million people.
In a notice sent to the Maine Attorney General’s office, the Houston, Texas-based company said that a combination of the following employee data may have been compromised: name, address, date of birth, gender and Social Security numbers.
VeriSource first noticed the breach on Feb. 28 last year, which led to a comprehensive review of its systems that concluded earlier this month. VeriSource last September said the breach affected 112,000 people, but has now revised the number substantially.
VeriSource is in the process of notifying impacted individuals who currently work for or were previously employed by its clients.
“As soon as VSI discovered the incident, we took the steps to secure our environment and enlisted a leading, independent cybersecurity firm to conduct a forensic investigation,” the company said in a letter sent to affected individuals this month.
VeriSource said it has implemented several measures to enhance its security and reduce the risk of similar incidents happening in the future.
The company is making identity theft protection and credit monitoring services available for 12 months to affected individuals through IDX. You can enroll in coverage by calling 1-877-520-4007 or visiting this page and providing the enrollment code at the top of your data breach notice.
VeriSource did not immediately respond to CNET’s request for comment.
What should I do if I’m affected by the VeriSource breach?
If your data is compromised in a cybersecurity breach, it could be sold on the dark web to the highest bidder. Criminals can then use that information to target you with phishing attacks, scams and even try to steal your identity.
In the case of this VeriSource breach, affected individuals may not have any idea that their current or former employer shared personal information with the company. Still, if you receive a notice in the mail from VeriSource, it’s probably real and you shouldn’t ignore it.
Here are some other steps you can take.
Sign up for the free identity theft protection
VeriSource is making identity theft protection and credit monitoring services available to affected individuals for one year. Identity theft protection services monitor your identity online and on the dark web for suspicious activity. They are commonly offered by companies after a data breach.
After the year ends, you can choose to sign up for an identity theft service on your own. We recommend Aura, which has a range of plans available.
Scan your credit reports
Despite the VeriSource breach making its way into the news this month, the breach originated in February 2024. So, it’s a good idea to check your credit reports from Equifax, Experian and TransUnion and look for any inaccuracies and report them.
You can download your free credit reports at AnnualCreditReport.com.
Freeze your credit
Since Social Security numbers were leaked in the VeriSource breach, it could make sense to freeze your credit. Doing so will prevent creditors from accessing your credit reports, which prevents cybercriminals from opening lines of credit in your name.
Unfortunately, this also applies to you. If you need to apply for a credit card or loan, you will need to unfreeze your credit with each of the major credit bureaus and then refreeze it after you’ve applied.
You can also request that a fraud alert be placed on your credit for up to one year. Fraud alerts don’t block access to your credit report, but it does require creditors to confirm your identity before extending credit.