4 Million Affected by VeriSource Data Breach

Employee benefit administrative services provider VeriSource Services is notifying four million individuals that their personal information was stolen in a year-old hack.

The incident, the company says, was discovered on February 28, 2024, one day after a threat actor exfiltrated data from its systems.

A review of the compromised data was concluded on August 12, 2024, and the company started notifying the potentially impacted individuals a week later.

The stolen information, VeriSource says, belonged to employees and dependents of companies using its services, and it has been working with these companies to “collect the necessary information to notify additional individuals affected by this incident”.

“That process was completed on April 17, 2025. We then took steps to notify impacted individuals of the incident as quickly as possible,” VeriSource notes in a data breach notice.

The potentially compromised information, the company says, differs by individual, but generally includes names, addresses, dates ...