Notice of Data Security
Incident
April 24, 2025 – Verisource
Services, Inc. (“VSI”) experienced a data security incident that involved personal
information belonging
to employees and dependents of companies that use VSI’s services and has provided notice of this incident to impacted
individuals.
On February 28, 2024, VSI became aware of unusual activity on our network
environment. Upon discovering this activity, VSI immediately took steps to
secure our network and launched an investigation with the assistance of independent cybersecurity experts. The
investigation subsequently revealed that certain personal information was
acquired without authorization on or about February 27, 2024. VSI then commenced
a comprehensive review of the affected data to determine whether any sensitive data was
involved and whether personal information may have been affected. On August 12, 2024, that review concluded
and we confirmed that certain personal information was involved. Based on that
review, an initial set of notices were issued beginning on August 20,
2024. VSI also notified its client
companies and continued to work with them to collect the necessary information
to notify additional individuals affected by this incident. That process was completed
on April 17, 2025.
We then took steps to notify impacted individuals of
the incident as quickly as possible.
Based on the
investigation, the affected information may have included names, addresses, dates of birth, gender, and/or Social Security numbers. Please
note that not all data elements were affected for all individuals.
As soon as VSI discovered the incident, we took
the steps referenced above. VSI notified
the Federal
Bureau of Investigation and will provide whatever cooperation is necessary
to hold the perpetrators accountable, possible. VSI also notified the U.S.
Health and Human Services Office for Civil Rights and consumer reporting
agencies of this incident. VSI is also taking additional steps to prevent a
similar event from occurring in the future.
VSI is not aware of any
evidence of the misuse of any information potentially involved in this
incident. However, on April 23, 2025, VSI began mailing additional notices of
this incident to potentially impacted individuals for whom there is sufficient address
information. The notice sent to
impacted individuals provided information about the incident and resources that
potentially impacted individuals could utilize to protect their information
including the opportunity to enroll in complimentary
identity protection services through IDX.
VSI has
established a toll-free call center to answer questions about the incident and
to address related concerns. The call
center can be reached at (877) 520-4007 and is available Monday through Friday
from 8:00 a.m. to 8:00 p.m. Central Time (excluding major U.S. holidays. All affected individuals may qualify for complimentary
identity protection services through IDX. Individuals who have not received a notification
letter must obtain verification of eligibility through the call center to
enroll in services.
The privacy and protection of personal and
protected health information is our top priority, and VSI deeply regrets any
inconvenience or concern this incident may cause.
VSI is providing the following
information about steps that individuals can take to help protect their
information:
What steps can I take to protect my information?
What should I do to protect myself from payment card/credit
card fraud?
We suggest that you review your
debit and credit card statements carefully in order to identify any unusual
activity. If you see anything that you
do not understand or that looks suspicious, you should contact the issuer of
the debit or credit card immediately.
How do I obtain a copy of my credit report?
You can obtain a copy of your credit
report, free of charge, directly from each of the three nationwide credit
reporting agencies once every twelve (12) months. To do so, please visit
www.annualcreditreport.com or call toll-free at 1-877-322-8228. Contact
information for the three agencies is included in the notification letter and
is also listed at the bottom of this page.
How do I put a fraud alert on my account?
You may consider placing a fraud
alert on your credit report. This fraud alert informs creditors of possible
fraudulent activity within your report and requests that creditors contact you
prior to establishing any accounts in your name. To place a fraud alert on your
credit report, contact Equifax, Experian or TransUnion and follow the Fraud
Victims instructions. To place a fraud alert on your credit accounts, contact
your financial institution or credit provider. Contact information for the
three nationwide credit reporting agencies is listed below.
Contact information for the three
nationwide credit reporting agencies is as follows:
Equifax
Security Freeze |
Experian
Security Freeze |
TransUnion
(FVAD) |