Multiple clients of CBIZ Benefits and Insurance Services were affected by a data breach that leaked the personal information of CBIZ's clients’ retired employees, CBIZ reported in a filing with the Office of the Maine Attorney General on Aug. 28.
The company learned of the data breach on June 24 and determined that the leak related to its clients’ retiree health and welfare plans, CBIZ said in the filing.
In its notification, CBIZ said it is offering two years of complimentary credit monitoring and identity theft protection services for individuals whose Social Security numbers were beached. It also said it established a dedicated, toll-free call center for individuals to obtain more information regarding the incident. Individuals can call 1-866-997-7169.
CBIZ, a provider of record-keeping and administration services for retiree health and welfare plans, said that an unauthorized third party was able to exploit a vulnerability associated with one of its web pages and acquired information from certain databases between June 2 and June 21.
CBIZ determined that people associated with multiple CBIZ clients were impacted by the incident, which disclosed individual’s names and Social Security numbers.
Several retirement plan clients
CBIZ disclosed that on Aug. 28 it sent notification letters to Maine residents affected by the leak on behalf of five of its clients: Central Pennsylvania Teamsters, Knoll Inc., Liberty Utilities, Sanofi and Sanofi Pasteur.
A total of seven Maine residents received the notification letter. The filing did not say how many people in total were affected. The vulnerability has since been fixed and measures implemented to further enhance the security of its systems, the company said.
CBIZ declined additional comment beyond what was publicly available in its notification to the Maine Attorney General. Liberty Utilities said it was working closely with CBIZ and that CBIZ was reaching out directly to impacted employees. The four other CBIZ clients did not respond to a request for comment.
The incident follows a ransomware attack on CBIZ in June by the Meow ransomware group, which is known for its double-extortion tactics. The attack led to the unauthorized access and exfiltration of sensitive data, including financial records and personal employee information, according to Halcyon, a website that tracks ransomware attacks.