CSC ServiceWorks data breach could affect thousands of victims


CSC ServiceWorks, a company that provides internet-connected laundry machines to residential buildings, hotels, universities, and more, suffered a data breach in 2023 in which data on tens of thousands of people was compromised.

The company filed a new data breach notification reporting an incident that occurred in late September 2023, and stating that it spotted the intruders in early February 2024, which means the crooks were dwelling in the target network for roughly five months.

During that time, they gathered sensitive information on exactly 35,340 individuals. CSC ServiceWorks confirmed which data was stolen in June 2024, meaning it took another five months to analyze the breach.

Employees affected?

The company says the threat actors stole people’s names, dates of birth, contact information, government identity documents (Social Security Numbers, driver’s license numbers, and similar), financial information (bank account numbers), and health insurance information (including some limited medical information).

Given the type of information stolen in this attack, the victims might have been current and former CSC ServiceWorks employees, but this information is yet to be confirmed. 

This is not the first time CSC has made headlines for cybersecurity issues. Just a few weeks ago, researchers found a vulnerability in the machines that allowed people to get free laundry.

This followed a similar bug revealed in May 2023 in the laundry machine’s accompanying app, which allowed users to top up their laundry credit as much as they wanted. To prove their point, the researchers even added an obscene amount of money to one account, exceeding a million dollars. Even though the company ignored the researchers at first, it later apologized for the mishap and released a fix for the flaw.

All of this forced CSC to create a vulnerability disclosure program.

Via TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.