1.9 Million Records Stolen from Human Resource Analytics Company Zeroed-In
Table of Contents
- By Steven
- Published: Nov 29, 2023
- Last Updated: Dec 01, 2023
Zeroed-In Technologies offers curated human resource solutions and analytics to organizations. Among those who use their services are the City of Detroit, Dollar Tree, Family Dollar, and the U.S. Department of Defense. Zeroed-In suffered a security incident in August, where the assailants obtained over 1.9 million consumer records.
How Did the Attack Occur?
The investigations are ongoing. Despite this, there is some public information about the incident. Zeroed-In’s website does not provide a statement about the event, but the public consumer notices offer some detail. The attack included “suspicious activity” within some systems. The unauthorized actor gained access to the network and presumably did something to stop officials from taking instant action.
What Information Was Viewed or Stolen?
Although officials can see what systems the attack influenced, they cannot confirm every file taken by the threat actor. Consequently, the 1.9 million figure may rise as investigations continue. According to the consumer notice, names, birthdays, and Social Security Numbers were stolen; this may change in the future, however, as officials gain more insight into the attack and its consequences. Experts strongly advise consumers to invest in monitoring services and preventative defenses before receiving a physical notice.
How Did Zeroed-In Technologies Admit to the Breach?
According to the Maine Attorney General’s office filing, the attack began on or around August 7th, 2023. The event lasted less than 24 hours, with officials making the discovery sometime the next day. They launched a preliminary investigation that concluded a few weeks later, around August 31st. Officials have sent preliminary notices starting around November 27th. Individuals not receiving notices in this cycle may be notified after investigations conclude. However, no one needs to wait for a physical notice to start protecting their data.
What Will Become of the Stolen Information?
It’s challenging to say what will happen to the stolen data because it is unclear what data the assailant accessed. Zeroed-In’s consumer notices suggest credit, identity monitoring, and correlated insurance. These suggestions might differ if the threat actors obtained other sensitive information, like financial accounts. The public information about the incident does not point toward financial or medical information misuse; however, it is impossible to say without the completed investigations.
What Should Affected Parties Do in the Aftermath of the Breach?
The Maine Attorney General’s website lists 1,977,486 individuals potentially impacted; this number may rise, however. Those with data exposed in this breach should act now to mitigate future damage. We don’t yet know who will face the consequences of the breach or to what extent the damages may grow. For these reasons, everyone with a relationship with Zeroed-In must consider defensive procedures.
Start with securing your most active accounts. Enable multi-factor authentication options and activity alerts for essential accounts like financials. Update devices with new patches whenever possible, as they contain updated defenses. Change passwords to include new characters and complex patterns, or consider a password manager to maintain everything for you. Finally, consider Zeroed-In’s suggestion about monitoring services. Investing in services allows instant response to suspicious activity, but they aren’t enough to comprehensively protect your data.
