VeriSource Services, Inc., a Houston-based service provider, has disclosed a data breach it suffered after an external system was compromised earlier this year, affecting four million individuals.
The breach, discovered in April 2025, resulted in the exposure of sensitive personal information.
According to the details in a filing with the Maine Attorney General's office, the breach occurred on February 28, 2024, but was not detected until nearly fourteen months later, on April 17, 2025. Following the discovery, VeriSource began notifying affected individuals on April 23, 2025, offering them complimentary identity protection services.
“On February 28, 2024, VSI became aware of unusual activity that disrupted access to certain systems,” reads the notice sent to impacted individuals.
“Upon discovery, VSI immediately took steps to secure its network and engaged a leading, independent digital forensics and incident response firm to investigate what happened and whether any sensitive data may have been impacted.”
“The investigation subsequently revealed certain personal information may have been acquired without authorization by an unknown actor on or about February 27, 2024.”
VeriSource Services operates in the commercial sector, providing various administrative and operational services, often handling sensitive client and consumer information. Headquartered in Houston, Texas, VeriSource plays a behind-the-scenes but critical role for various business clients, making the breadth of the breach particularly concerning.
The data compromised in the attack includes individuals' names in combination with other personal identifiers, though the exact nature of the additional data elements was not fully detailed in the notification letter. However, the notification confirms that sufficiently sensitive information was involved to warrant mandatory reporting and the provision of identity protection services.
Notably, VeriSource has experienced previous data security incidents within the past twelve months, with earlier notifications filed in August and November 2024. These repeated breaches raise concerns about the firm's broader cybersecurity posture and incident response protocols.
To mitigate risks for those impacted, VeriSource offers 12 months of complimentary services through IDX, including credit monitoring, identity theft protection, and identity restoration support. Affected individuals are encouraged to enroll promptly, review their account statements, and monitor their credit reports for suspicious activity.
Leave a Reply