Data leak
CBIZ Benefits & Insurance Services Data Breach
Primary Source βIncident Details
CBIZ Benefits & Insurance Services (subsidiary of business services giant CBIZ Inc.) disclosed a breach affecting 35,953 individuals who had retiree health information on file. Exposed data included names, contact information, dates of birth, SSNs, retiree health information, and welfare plan information. The breach was discovered June 24, 2024. CBIZ reported 9,103 individuals’ protected health information was involved, per HHS OCR filing. CBIZ had suffered a prior similar breach in 2023.
Technical Details
- Initial Attack Vector
- Unauthorized party exploited a vulnerability in a CBIZ web page to access and exfiltrate data from certain databases between June 2-21, 2024
Timeline
- 2024-06-02 Breach occurred
- 2024-08-28 Publicly disclosed
- 2024-08-28 Customers notified