Serco Inc Data Breach Exposes Personal Information of Thousands

Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach that affected over 10,000 individuals. The breach occurred after attackers stole the personal information of current and former employees, contractors, and suppliers from a third-party vendor’s MoveIT managed file transfer (MFT) server.

Read: Brave Search Launches Its Own Image and Video Search Features

According to a data breach notification letter filed with the Office of the Maine Attorney General, Serco said the information was exfiltrated from the file transfer platform of CBIZ, its benefits administration provider.

“On June 30, 2023, Serco was made aware that our third-party benefits administration provider, CBIZ, experienced a ransomware attack and data breach,” the company explained.

“We understand from CBIZ that the incident began in May 2023 and CBIZ took steps to mitigate the incident on June 5, 2023. To be clear, the breach of CBIZ’s systems did not affect the safety and security of Serco’s systems.” The stolen data included the name, U.S. Social Security Number, date of birth, home mailing address, Serco and/or personal email address, selected health benefits for the year, and other sensitive information.

Serco Inc said there is no evidence that the stolen data has been misused or disclosed to any third parties. However, the company advised the affected individuals to monitor their credit reports, bank statements, and other accounts for any suspicious activity. According to CBIZ, a cybersecurity firm is also conducting a thorough investigation.

Serco’s clients include U.S. federal agencies, such as the Departments of Homeland Security, Justice, and State, as well as U.S. Intelligence Agencies and multiple U.S. Armed Forces branches like Navy, Army, Marine Corps, and Air Force.

The company said that it has taken steps to prevent similar incidents in the future, such as enhancing its security controls, reviewing its vendor relationships, and providing additional training to its staff. Serco Inc also apologized for any inconvenience or concern caused by the breach and assured its personnel that it takes their privacy and security seriously.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.