Business services giant CBIZ discloses customer data breach
CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach involving unauthorized access to client information stored in specific databases.
The company says that a threat actor exploited a vulnerability in one of its web pages and was able to steal customer data between June 2 and June 21.
CBIZ is a management consulting company that provides financial, benefits, and insurance services to various organizations and individual customers.
The organization discovered the intrusion on June 24 and learned of the compromise following an investigation conducted with the help of cybersecurity professionals.
“On June 24, 2024, CBIZ learned that an unauthorized party may have acquired information from certain databases,” reads the notification.
“CBIZ’s investigation determined that an unauthorized party was able to exploit a vulnerability associated with one of its web pages and acquired information from certain databases between June 2, 2024, and June 21, 2024,” the company says.
Hackers stole information belonging to nearly 36,000 individuals, which includes:
- Name
- Contact details
- Social Security number
- Date of birth/death
- Retiree health information
- Welfare plan information
CBIZ is one of the largest professional services companies in the United States, offering accounting and tax services, insurance solutions, business advisory services, and human resources services.
The company operates 120 offices across the country and employs 6,700 people. In 2023, it recorded revenue of $1.59 billion.
CBIZ clients confirmed to have been impacted by this incident started to receive personalized notifications on August 28, 2024.
Although the company has no evidence that the stolen data has been misused, the disclosure includes guidance on how to enroll in a two-year credit monitoring and identity theft protection service to reduce potential risk.
Additionally, impacted clients are advised to consider placing a credit/security freeze and adding a fraud alert to their credit report.