CBIZ Benefits & Insurance Services, Inc. Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from CBIZ Benefits & Insurance Services, Inc., contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

On August 28, 2024, CBIZ Benefits & Insurance Services, Inc. (“CBIZ”) reported a cybersecurity incident (“Data Breach”) to the Attorney General of Maine. CBIZ disclosed that on June 24, 2024, it detected a suspicious activity in its system. A subsequent investigation confirmed that between June 2, 2024, and June 21, 2024, an unauthorized third party had accessed and obtained sensitive information associated with several of CBIZ’s clients in CBIZ’s database.

On August 28, 2024, CBIZ began sending out data breach notification letters to those affected by the Data Breach. Each notification letter includes an offer for a complimentary membership to Kroll Identity Monitoring, a service that provides identity monitoring.

As the Data Breach was only recently announced, CBIZ has not yet disclosed further details. If you received a data breach notification letter from CBIZ, it indicates that you were affected by the Data Breach.

Headquartered in Cleveland, Ohio, CBIZ, Inc. is a leading provider of financial, insurance, and advisory services in the United States and parts of Canada. With over 120 offices and nearly 7,000 team members, CBIZ reported annual revenue of approximately $1.4 billion for the fiscal year ending December 31, 2023. CBIZ Benefits & Insurance Services, Inc. is a division of CBIZ, Inc., specializing in employee benefits consulting, property and casualty insurance, and retirement and investment services.

WHAT INFORMATION IS INVOLVED?

The type of compromised information varied among individuals and potentially included:

  • Full names,
  • Birth/death dates,
  • Social Security numbers,
  • Contact information,
  • Retiree health information,
  • Welfare plan details.

This information is referred to as your Personally Identifiable Information (“PII”). It provides critical details about you and is an integral part of your identity. Businesses are legally required to protect this information, or they risk incurring statutory penalties and other legal repercussions. When PII is stolen, it can be used by identity thieves to commit fraudulent activities using your identity.

The compromised information also includes your Protected Health Information (“PHI”), a specific type of PII. It is protected under both state and federal law. Healthcare providers and other businesses that handle PHI are required to protect that information. Like stolen PII, stolen PHI can be used by identity thieves to engage in fraudulent activity using your identity. Quite often, PII and PHI are used in conjunction by hackers.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from CBIZ Benefits & Insurance Services, Inc., contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.