- Verisource began to send letters to notify data violation and reported the February 2024 incident to Maine’s Ag
- He now says that the number of victims is four million, against the first 55,000
- The names, addresses and SSN were seized in the attack
Four million people may have stolen their sensitive data in the Verisource data violation that occurred last year. The company has confirmed the news in a new file to the Maine Prosecutor’s Office General, as well as in a letter of data violation sent to affected persons.
Verisource Services is a company to administration of benefits based in Houston, with customers from different industries in the United States, including health care, education and the public sector.
He recently began to send letters to notify data violation, in which he declared that he had become aware of “unusual activity” which disrupted access to certain systems, on February 28, 2024. The subsequent investigation, which ended on April 17, 2025, determined that the threat actors stole “certain personal information” the day before.
Unknown attackers
Stolen information includes the names of people, addresses, birth dates, gender information and / or social security numbers (SSN). “Please note that VSI has no evidence of real abusive use or suspected of information involved in this incident,” said the company.
It should also be mentioned that no one has so far assumed the responsibility of the attack and that the data has not surfaced anywhere on the Dark Web. Therefore, it is difficult to determine whether it was a simple Smash-And-Grab, or a ransomware attack.
Although the letter did not say how many people were affected by the violation, registration on the website of the Maine Prosecutor General’s Office put the number of victims to four million, against 55,000 in May 2024 and 112,000 others in September 2024.
Verisource said that it offers 12 months of free credit supervision services, protection against identity theft and identity catering services to victims. Although it may seem too little too late, the fact that the data is not yet overfacked could mean that the offer could make sense.
Via Bleeping Compompute
