Hackers Stole Social Security Numbers From CBIZ Again

Posted on by Going Concern News Desk
computer screen with the word "security" and a mouse pointer

CBIZ has filed a data breach notification with the attorney general of Maine and you know what that means. Wait, maybe you don’t know what that means. Maine has a law that requires “information brokers” — such as an accounting firm that would be in possession of personal identifying information (PII) gathered from clients to perform services for them — to inform residents of Maine when they discover a data breach that has or is reasonably believed to have been acquired by an unauthorized person. They also have to file with the attorney general and do so “as expediently as possible and without reasonable delay.” In other words, if they get hacked they have to let victims and the state know (all 50 states require information brokers to inform customers of a breach, not all require a filing with the state). And that’s what happened to CBIZ.

CBIZ is the biggest firm to be data breached in recent months that we’re aware of since PwC and EY found themselves tangled in the MOVEit cybersecurity breach and ransom last year. CBIZ was also hit by the MOVEit vulnerability and informed 35,843 people their Social Security numbers were probably jacked by bad actors last year.

CBIZ Benefits & Insurance Services, Inc. provides actuarial, administration and investment advisory solution services for organizations, as well as providing recordkeeping and administration for retiree health and welfare plans.

According to the notification, it was retiree health and welfare plans that were accessed and the data included names and Social Security numbers.

Says the notification:

On June 24, 2024, CBIZ learned that an unauthorized party may have acquired information from certain databases. CBIZ promptly launched an investigation with the assistance of cybersecurity professionals. CBIZ’s investigation determined that an unauthorized party was able to exploit a vulnerability associated with one of its web pages, and acquired information from certain databases between June 2, 2024 and June 21, 2024. CBIZ conducted a review of the data acquired and determined that individuals associated with multiple CBIZ clients were impacted by the incident.

The retiree plan clients are:

  • Central Pennsylvania Teamsters
  • Knoll, Inc.
  • Liberty Utilities
  • Sanofi
  • Sanofi Pasteur

Seven Maine residents were affected by this breach. No information was given on how many victims there may be in other states in the AG filing referred to here. CBIZ began notifying victims on August 28, 2024.

Related Posts

Accounting News Roundup: Financial Reform Finalized; Banco Espirito v. BDO 2.0; Small Win for Skilling, Big Loss for PCAOB? | 06.25.10

U.S. Lawmakers Reach Accord on New Finance Rules [WSJ]
By the end of this one, can’t you picture an exhausted Barney Frank with his tie loosened to mid-torso, pants undone with fly wide open open and some staffer dabbing his sweaty brow?

“After more than 20 hours of continuous wrangling, Congressional Democrats and White House officials reached agreement on the final shape of legislation that would transform financial regulation, avoiding last-minute defections among New York lawmakers that had threatened to upend the bill.

After months of uncertainty about how the U.S. would craft new rules, the agreement offers th ince the financial crisis of how markets and the government will interact for decades to come. The common thread: large financial companies are facing a tougher leash.”

Just in case you missed it yesterday, former SEC Chairman Arthur Levitt isn’t nearly as excited as some people about the bill. The President is expected to sign the bill before July 4.

Sidenote on this one: how the Journal managed to slip Maxine Waters through as one of a dozen “players” in this bill should cause you to question – if even for just a minute – the credibility of the paper.

Florida Appeals Court Turns Down Heat, For Now, On BDO Seidman [Re: The Auditors]
Francine’s take on the decision by the Florida 3rd District Court of Appeal to order a trial in the Banco Espirito v. BDO case. An event she isn’t thrilled about, “My doubts about the efficacy of a new trial are based on the disappointing, frustrating and completely unsatisfying way the court and the judges in this case have proceeded. Some of the additional comments raised by the Appeals Court do not bode well for this plaintiff’s chances next time around.”


Supreme Court Rolls Back a Law Born of Enron [NYT/Floyd Norris]
In more Congressional ineptitude (at least in the eyes of the SCOTUS), former Enron CEO Jeff Skilling won his case at the high court, arguing that “the concept of committing fraud through depriving an employer of ‘honest services’ was not adequately defined in the law,” Floyd Norris writes.

In other words, the “idea” of fraud being a kickback or a bribe is obvious and was defined. Manipulating mark-to-market and off-balance sheet accounting rules or “something else equally outrageous” were not and thus the law was unconstitutional. Long story/short, Norris writes, is that

Funny story on the way to this Skilling outcome – if the SCOTUS rules against the PCAOB (it is expected on Monday), “It will blame Congress for writing bad laws,” Norris writes. And who forced Congress into action on Sarbanes-Oxley?

BP: Oil-Spill Cost Hits $2.35 Billion [WSJ]
Has anyone handicapped this? Obviously the $20 billion reserve is a good ballpark figure but the overs have to be a pretty solid bet on that. Takers?

Caturano being acquired by RSM McGladrey [Boston Business Journal]
The firm fka RSM McGladrey purchased Caturano and Company, the fifth largest firm in Boston. The deal, if approved by H&R Block, would make RSM McGladrey…the fifth largest firm in Boston.

accounting-who-wins-fight

Let’s Play a Game of ‘Who Would Win in a Fight’ Accounting Edition

As you may have heard, busy season is over for many miserable accountants across the […]