CSC ServiceWorks, a company that provides internet-connected laundry machines to residential buildings, hotels, universities, and more, suffered a data breach in 2023 in which data on tens of thousands of people was compromised.
The company filed a new data breach notification in which it reported on an incident which occured in late September 2023, but stating it spotted the intruders in early February 2024, which means the crooks were dwelling in the target network for roughly five months.
During that time, they gathered sensitive information on exactly 35,340 individuals. CSC ServiceWorks confirmed which data was stolen in June 2024, meaning it took another five months to analyze the breach.
Employees affected?
The company says the threat actors stole people’s names, dates of birth, contact information, government identity documents (Social Security Numbers, driver’s license numbers, and similar), financial information (bank account numbers), and health insurance information (including some limited medical information).
Given the type of information stolen in this attack, the victims might have been current and former CSC ServiceWorks employees, but this information is yet to be confirmed.
This is not the first time CSC has made headlines for cybersecurity issues. Just a few weeks ago, researchers found a vulnerability in the machines that allowed people to get free laundry.
This followed a similar bug revealed in May 2023 in the laundry machine’s accompanying app, which allowed them to top up their laundry credit as much as they wanted. To prove their point, they even added an obscene amount of money to one account, exceeding a million dollars. Even though the company ignored the researchers at first, it later apologized for the mishap and released a fix for the flaw.
All of this forced CSC to create a vulnerability disclosure program.
Via TechCrunch
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews