Data leak
VeriSource Services HR Benefits Data Breach
Primary Source βIncident Details
VeriSource Services (Texas-based employee benefits and HR administration provider) discovered unusual activity on 28 February 2024. The final breach count was approximately 4 million individuals, though only 55,000 were notified in May 2024 and 112,000 in September 2024 β the majority of victims were not notified until April 2025, over a year after the breach. Exposed data included full names, mailing addresses, dates of birth, gender, and Social Security numbers. At least four federal class action lawsuits filed.
Technical Details
- Initial Attack Vector
- Unauthorized party gained access to VeriSource Services systems on approximately 27 February 2024 and exfiltrated employee benefits data; initial vector not publicly disclosed
Timeline
- 2024-02-27 Breach occurred
- 2024-05-01 Publicly disclosed
- 2025-04-01 Customers notified