CBIZ Benefits & Insurance Services, Inc. (CBIZ) has announced a data breach that potentially compromised sensitive information linked to retiree health and welfare plans. The breach, which occurred between June 2, 2024, and June 21, 2024, was discovered on June 24, 2024, after an unauthorized party exploited a vulnerability on one of the company's web pages. The incident is suspected to be the result of an SQL injection attack, a common method used by cybercriminals to infiltrate databases.
CBIZ is one of the largest providers of professional services in the United States, with a focus on accounting, tax, financial, and advisory services. The company operates through various subsidiaries, offering a wide range of solutions, including benefits consulting, property and casualty insurance, and retirement planning. CBIZ serves over 100,000 clients across various industries, including healthcare, financial services, and public sector entities.
Incident details
Upon learning of the breach, CBIZ immediately launched an investigation with the assistance of cybersecurity experts. The investigation revealed that the unauthorized party gained access to certain databases by exploiting a vulnerability in one of CBIZ’s web pages. The exposed information varies by client and may include:
- individuals' names,
- contact information,
- Social Security numbers,
- dates of birth,
- dates of death,
- retiree health and welfare plan information.
The breach has affected individuals associated with multiple CBIZ clients. On July 24, 2024, CBIZ began notifying its clients about the incident, and by August 28, 2024, the company had mailed letters to the impacted individuals. CBIZ has offered two years of complimentary credit monitoring and identity theft protection services to those whose Social Security numbers were exposed.
SQL injection suspected
The nature of the breach shows signs of an SQL injection attack. SQL injection is a technique where attackers insert malicious SQL queries into input fields of a web application, allowing them to manipulate the database and gain unauthorized access to sensitive data. This type of attack is often successful when web applications fail to adequately validate and sanitize user inputs.
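The difference between a query built from user input and one that binds the input as a value is shown below. This is an added example, not code from CBIZ or from the original article; the table name, column names, function names and sample rows are all constructed for illustration, since the affected page and database have not been described publicly.

```python
import sqlite3

def build_db():
    """In-memory database with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE plan_members (id INTEGER PRIMARY KEY, last_name TEXT, plan TEXT)"
    )
    conn.executemany(
        "INSERT INTO plan_members (last_name, plan) VALUES (?, ?)",
        [("Alvarez", "Retiree Health A"), ("O'Brien", "Welfare B"), ("Chen", "Retiree Health A")],
    )
    return conn

def lookup_concatenated(conn, last_name):
    """Weak form: the form-field value is spliced into the SQL text itself."""
    sql = "SELECT last_name, plan FROM plan_members WHERE last_name = '" + last_name + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, last_name):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    sql = "SELECT last_name, plan FROM plan_members WHERE last_name = ?"
    return conn.execute(sql, (last_name,)).fetchall()

def compare(conn, value):
    """Run both lookups; return row counts, or the error class if a query fails."""
    results = {}
    for name, fn in (("concatenated", lookup_concatenated),
                     ("parameterized", lookup_parameterized)):
        try:
            results[name] = len(fn(conn, value))
        except sqlite3.Error as exc:
            results[name] = type(exc).__name__
    return results

if __name__ == "__main__":
    db = build_db()
    # An ordinary name, a legitimate name containing a quote, and a quote-breaking input.
    for value in ("Chen", "O'Brien", "nobody' OR '1'='1"):
        print(repr(value), compare(db, value))
```

The concatenated lookup fails on the legitimate name O'Brien and returns every row for the quote-breaking input, while the parameterized lookup returns one row and zero rows respectively. Unexplained SQL syntax errors on ordinary input are therefore a useful signal when reviewing application logs for this class of flaw.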
CBIZ has implemented immediate measures to address the vulnerability and prevent future incidents. The company says it has fixed the exploited web page vulnerability and is enhancing its overall system security. CBIZ is also cooperating closely with law enforcement to investigate the breach further. To support affected individuals, CBIZ has established a dedicated call center available at 1-866-997-7169, operating Monday through Friday.
Although CBIZ has no evidence of misuse of the compromised data, the company advises affected individuals to remain vigilant. Individuals should monitor their account statements and credit reports for any signs of unauthorized activity. CBIZ also recommends placing fraud alerts or security freezes on their credit files to protect against potential identity theft.