- Verisource began sending data violation notification letters and reported the February 2024 incident to the AG De Maine
- Now he says that the number of victims is four million, above the initial 55,000.
- Names, addresses and SSN were grabbed in the attack
Four million people may have stolen their confidential data in the violation of Verisource data that occurred last year. The company confirmed the news in a new presentation before the office of the MAINE attorney general, as well as in a letter of data violation sent to the affected people.
Verisource Services is a Houston -based employee benefit management company, with customers in different industries in the US, including medical care, education and the public sector.
Recently he began sending data non -compliance notification letters, in which he said he realized the “unusual activity” that interrupted access to certain systems, on February 28, 2024. The subsequent research, which concluded on April 17, 2025, determined that the threat actors stole “certain personal information” the day before being seen.
Unknown attackers
Stolen information includes names of people, addresses, birth dates, gender information and/or social security numbers (SSN). “Keep in mind that VSI has no evidence of any real or suspicious misuse of the information involved in this incident,” said the company.
It is also worth mentioning that so far no one has assumed the responsibility of the attack and that the data has not appeared anywhere in the Dark website. Therefore, it is difficult to determine whether it was a simple ransomware attack or a ransomware attack.
While the letter did not say how many people were affected by the rape, a list on the website of the Office of the Prosecutor of Maine places the number of victims in four million, compared to 55,000 in May 2024 and another 112,000 in September 2024.
Verisource said it offers 12 months of free credit monitoring, identity robbery protection and identity restoration services to the victims. Although it may sound too little late, the fact that the data has not yet appeared could mean that the offer could make sense.
Through Bleepingcomputer
