In this episode, we investigate the massive data breach at VeriSource Services, Inc. (VSI), a Houston-based HR outsourcing and employee benefits administrator. Initially reported as affecting fewer than 2,000 individuals, the breach has now ballooned to a confirmed 4 million affected people. We trace the timeline from the initial detection of suspicious network activity on February 28, 2024, to the eventual notification of millions of impacted individuals beginning in April 2025.
Listeners will learn how sensitive information—names, addresses, birthdates, gender, and Social Security numbers—was exposed, and why this data combination poses a high risk of identity theft. We also unpack the reasons behind the prolonged disclosure process, VSI’s response efforts, the role of federal regulators, and the legal consequences now unfolding, including multiple class-action lawsuits.
Was this a case of evolving forensic findings—or of organizational opacity? And what does this incident tell us about third-party HR data security standards in 2025? Join us for a detailed breakdown of one of the year’s largest and most quietly escalated data breaches.
