A massive data breach at HR and benefits firm VeriSource Services exposed the personal information of approximately 4 million individuals, including full names, birth dates, addresses, gender, and Social Security numbers. The breach was first detected in February 2024, but most victims were not notified until April 2025, a delay exceeding 14 months. Cybersecurity experts condemned the sluggish response, warning that the stolen data could be exploited for fraud, phishing, and identity theft, posing long-term risks to affected individuals. The breach was executed by external actors, yet VeriSource’s lack of transparency and delayed disclosure drew severe criticism, highlighting failures in both corporate responsibility and compliance. Victims were advised to monitor credit reports, enable fraud alerts, and adopt additional security measures to mitigate potential harm. The incident underscores the real-world consequences of inadequate breach response, leaving millions vulnerable to financial and reputational damage.
Source: https://www.scworld.com/brief/hr-firm-delayed-breach-notice-to-4-million-victims
TPRM report: https://www.rankiteo.com/company/verisource-services-inc.
"id": "ver3221032112725",
"linkid": "verisource-services-inc.",
"type": "Breach",
"date": "2/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '4,000,000',
'industry': 'Human Resources / Employee Benefits',
'name': 'VeriSource Services',
'type': 'HR and Benefits Firm'}],
'customer_advisories': 'Victims advised to monitor credit reports, enable '
'fraud alerts, and adopt security tools.',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '4,000,000',
'personally_identifiable_information': ['Full names',
'Birth dates',
'Addresses',
'Gender',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes SSNs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': 'February 2024',
'description': 'A data breach at HR and benefits firm VeriSource Services '
'compromised the personal information of around 4 million '
'people. The breach was detected in February 2024, but most '
'affected individuals were not notified until April 2025. The '
'stolen data included full names, birth dates, addresses, '
'gender, and Social Security numbers, exposing victims to '
'risks of fraud, phishing, and identity theft. The delayed '
'disclosure has drawn criticism for lack of transparency and '
'corporate responsibility.',
'impact': {'brand_reputation_impact': 'Intense criticism due to delayed '
'notification and lack of transparency',
'data_compromised': ['Full names',
'Birth dates',
'Addresses',
'Gender',
'Social Security numbers'],
'identity_theft_risk': 'High (due to exposure of SSNs and PII)'},
'lessons_learned': 'Critical importance of timely breach disclosure and '
'victim notification to mitigate risks of fraud and '
'identity theft. Delays in transparency erode trust and '
'exacerbate harm to affected individuals.',
'post_incident_analysis': {'root_causes': ['Delayed detection-to-disclosure '
'timeline',
'Lack of transparency in breach '
'response']},
'recommendations': ['Monitor credit reports for signs of fraud or identity '
'theft.',
'Enable fraud alerts with credit bureaus.',
'Adopt security tools (e.g., identity theft protection '
'services).',
'Improve incident response timelines and communication '
'strategies to avoid compliance and ethical failures.'],
'references': [{'source': 'The 420'}],
'response': {'communication_strategy': 'Delayed notification to victims (14+ '
'months after detection)'},
'threat_actor': 'External actors',
'title': 'Massive Data Breach at VeriSource Services Compromises 4 Million '
'Records',
'type': 'Data Breach'}