VeriSource Data Breach affects 4 million Americans: SSNs exposed

On April 17, 2025, VeriSource Services, Inc., a company specializing in employee benefits administration and enrollment solutions, discovered a significant data breach affecting approximately 4,000,000 individuals across the United States. The breach, which actually occurred on February 28, 2024, was not identified until nearly two months later.

According to official notices filed with several state attorneys general, the exposed information includes names, addresses, and Social Security numbers—types of personally identifiable information (PII) that can be particularly sensitive and valuable to cybercriminals. There is no indication that protected health information (PHI) was compromised in this incident.

The breach impacted residents in multiple states, including 3,163 individuals in Maine, 209 in Massachusetts, and a substantial 121,108 in South Carolina. The company formally notified affected consumers by written notice sent via U.S. Mail, beginning on April 23, 2025. Further details and official documentation about the breach can be found on the Maine Attorney General’s website, Massachusetts Attorney General’s website, California Attorney General’s website, Vermont Attorney General’s website, and South Carolina Attorney General’s website.pdf).

The breach is notable for both its scale and the nature of the information exposed. Social Security numbers, in particular, are highly sought after by identity thieves, which increases the risk of identity fraud for those affected. At this time, the specific method by which the breach occurred and the party responsible have not been disclosed.

VeriSource Services' response

After discovering the breach, VeriSource Services, Inc. took steps to notify affected individuals in accordance with state laws. Written notifications were sent via U.S. Mail, beginning on April 23, 2025. The company also filed notifications with the attorneys general in several states, making information about the breach publicly available.

If you have received a notification letter from VeriSource Services, Inc., it is important to remain vigilant. Since Social Security numbers and other PII were exposed, you should consider taking the following steps:

• Monitor your credit reports for any suspicious activity.
• Place a fraud alert or security freeze on your credit files with the major credit bureaus.
• Be cautious of unsolicited communications that ask for personal information.
• Review the official notice provided by VeriSource Services, Inc. for any additional resources or instructions.