CSC ServiceWorks, a company that provides internet-connected washing machines to homes, hotels, universities and more, suffered a data breach in 2023 that compromised the data of tens of thousands of people.
The company filed a new data breach notification, citing an incident that occurred in late September 2023 but saying it spotted the intruders in early February 2024. That puts the criminals in the target network for about five months.
During that time, they collected sensitive information on exactly 35,340 individuals. CSC ServiceWorks confirmed which data had been compromised in June 2024, meaning it took another five months to analyze the breach.
Which employees are affected?
According to the company, the criminals stole people’s names, dates of birth, contact information, government identification documents (Social Security numbers, driver’s license numbers and the like), financial information (bank account numbers) and health insurance information (including limited medical information).
Given the type of information stolen in this attack, the victims could have been current and former employees of CSC ServiceWorks. However, this information has not yet been confirmed.
This isn’t the first time CSC has been in the news for cybersecurity issues. Just a few weeks ago, researchers discovered a vulnerability in the machines that allowed people to do laundry for free.
This followed a similar bug revealed in May 2023 in the washing machine’s companion app, which allowed them to top up their laundry credit as often as they wanted. To prove their point, they even added an obscene amount of money to one account, over a million dollars. Although the company initially ignored the researchers, it later apologized for the mishap and released a fix for the flaw.
All this forced CSC to set up a vulnerability disclosure program.
Via TechCrunch