CBIZ Benefits and Insurance Services
Utilize our Free Assessment to know for sure if your IT setup would remain online

CBIZ Benefits & Insurance Services (CBIZ), an accounting, financial, and insurance services company, reports that it suffered a significant data breach last June that exposed the information of nearly 36,000 individuals.  

This comes off the heels of last years MOVEit Data Breach that CBIZ was also hit for, impacting over 35,000 individuals.  

This new breach in June, caused by a vulnerability in one of CBIZ’s web pages, allowed unauthorized access to client data stored in specific databases to hackers. Hackers were able to access private customer data for nearly three weeks.  

What Was Stolen in the CBIZ Data Breach?

The CBIZ data breach compromised a wide range of sensitive information, including: 

  • Full Names 
  • Contact details 
  • Social Security numbers 
  • Dates of birth and death 
  • Retiree health information 
  • Welfare plan details 
  • And more… 

This stolen data is particularly concerning because it includes not only basic personal information but also highly sensitive details that could be used for identity theft, financial fraud, and other malicious activities.  

What You Can Do to Protect Yourself

If you have been notified by CBIZ that your information was part of this breach, it is crucial to take proactive steps to protect yourself: 

  1. Enroll in the Credit Monitoring Service: Take advantage of the two years of free credit monitoring offered by CBIZ. This service will alert you to any suspicious activity on your credit report. 
  2. Place a Credit Freeze: A credit freeze prevents new accounts from being opened in your name, providing an additional layer of protection. 
  3. Set Up Fraud Alerts: Notify credit bureaus to set up fraud alerts on your accounts. This will require businesses to take extra steps to verify your identity before issuing credit. 
  4. Monitor Your Accounts Regularly: Keep a close eye on your bank and credit card statements for any unauthorized transactions. 
  5. Be Wary of Phishing Scams: Following a data breach, cybercriminals may attempt to exploit your information through phishing emails or calls. Be cautious of unsolicited communications requesting personal information. 

What This Breach Means for the Insurance Industry

The CBIZ breach serves as a wake-up call for the entire financial services industry. The breach underscores the fact that even a single vulnerability in a web page can lead to a large-scale data compromise, affecting thousands of individuals and potentially causing irreparable damage to an organization’s reputation.

Key Takeaways for Financial Companies

To prevent similar incidents, everyone must take proactive steps to strengthen their cybersecurity defenses. Here are some essential measures every CEO should consider: 

  1. Regular Security Audits: Conduct comprehensive audits of all digital assets, including websites, databases, and internal networks. Identifying and addressing vulnerabilities before they are exploited is crucial. 
  2. Up-to-Date Software: Ensure that all software, especially web applications, is up to date with the latest security patches. Outdated software is often an easy entry point for attackers. 
  3. Employee Training: Cybersecurity is not just a technical issue; it’s also a human one. Regularly train employees on recognizing phishing attempts, social engineering tactics, and other common methods used by cybercriminals. 
  4. Multi-Factor Authentication (MFA): Implement MFA across all systems to add an extra layer of security. Even if login credentials are compromised, MFA can prevent unauthorized access. 
  5. Data Encryption: Encrypt sensitive data both at rest and in transit. This ensures that even if data is intercepted or accessed, it remains unreadable to unauthorized users. 
  6. Incident Response Plan: Develop and regularly update an incident response plan. This plan should include steps for containment, investigation, notification, and recovery following a breach. 
  7. Third-Party Vendor Management: Many breaches occur through third-party vendors. Vet and monitor the cybersecurity practices of any third-party providers that have access to your systems or data. 

How Repeated Data Breaches Erode the Industry as a Whole

Increased Regulatory Scrutiny

The breach may lead to heightened scrutiny from regulators, resulting in more frequent audits and stricter compliance requirements across the industry. Companies might face increased operational costs as they enhance their cybersecurity defenses to avoid similar breaches. 

Erosion of Client Trust

The breach could erode client trust in financial service providers, making clients more cautious about sharing sensitive information. Companies may need to be more transparent about their cybersecurity practices and offer additional protections to reassure clients. 

Reputational Damage

While CBIZ bears the immediate brunt, the breach could tarnish the broader industry’s reputation. Financial service companies might face pressure to publicly demonstrate their commitment to cybersecurity, potentially leading to a shift in client preferences towards firms with stronger security measures.

Financial Impact and Legal Risks

The breach highlights the financial and legal risks associated with cybersecurity failures. Companies may need to reassess their risk management strategies and could face increased demand for cybersecurity insurance, leading to higher premiums and more stringent coverage requirements.

Strengthened Cybersecurity Measures

In response to the breach, financial service firms are likely to invest more in cybersecurity, enhancing their defenses and training programs to prevent similar incidents. This could become a key differentiator in the competitive landscape, with security-focused firms gaining an edge. 

Conclusion

These repeated data breaches continue to serve as a wake-up call for financial service companiesit’s a reality that affects everyone in the financial services industry. Ignoring it won’t make the risks go away. Many companies think, “It won’t happen to us,” until it does, and by then, it’s too late. The consequences of a breach—loss of client trust, legal troubles, and financial hits—can be devastating. Pretending it’s not your problem won’t protect your business; proactive steps will. The truth is cybersecurity isn’t optional anymore—it’s critical to survival in today’s digital landscape. 

Walter-Contreras