VeriSource Services, Inc., a Houston-based company specializing in employee benefits administration, experienced a significant data breach in February 2024, which has now impacted an estimated four million individuals.

VeriSource initially reported that only 55,000 individuals were affected, but this number has since been revised dramatically to four million after further investigation.

The compromised data includes names, addresses, dates of birth, genders, and Social Security numbers of employees and dependents of companies using VeriSource's services.

Individuals impacted by the breach are advised to closely monitor their financial statements for any unusual activity and to report any suspicious findings to their card issuers.

This incident occurs amid a broader rise in cybercrime, with the FBI reporting that cybercrime cost U.S. organizations and individuals an estimated $16.6 billion in 2024.

As of now, no specific cybercriminal group has claimed responsibility for the attack, and the nature of the breach remains unclear, with no evidence of the stolen data appearing on the dark web.

The breach was initially discovered on February 28, 2024, following unusual activity that disrupted access to the company's systems, and it was confirmed that sensitive personal information had been exfiltrated.

Investigations into the breach concluded on April 17, 2025, revealing that the data theft occurred just before the unusual activity was detected.

Despite the scale of the breach, VeriSource has reported no evidence suggesting that the stolen data has been misused, and the company has been cooperating with the FBI since the incident was discovered.

To assist those affected, VeriSource is offering 12 months of free credit monitoring, identity theft protection, and identity restoration services.

Notifications to affected individuals began on August 20, 2024, and the identification process for additional victims was completed by April 17, 2025.

VeriSource has expressed regret over the incident and its impact on those affected, reaffirming its commitment to protecting personal and health information.