The Target: CBIZ is a management consulting company that provides financial and benefits and insurance services to various organizations and individual customers.
The Take: Hackers stole information belonging to nearly 36,000 individuals, which includes: name, contact details, Social Security Number, date of birth/death, retiree health information, welfare plan information.
The Vector: The company informs that a threat actor exploited a vulnerability in one of its web pages and was able to steal customer data between June 2 and June 21.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.