Major commercial laundry service provider CSC ServiceWorks had information from 35,340 individuals compromised following a data breach that lasted from September 2023 to February 2024, according to TechCrunch.
Infiltration of CSC ServiceWorks' systems resulted in the exfiltration of individuals' names, birthdates, Social Security numbers, driver's license numbers, contact details, bank account numbers, and health insurance details, said the company in a filing with Maine regulators. While such information may indicate that the breach impacted the company's employees, CSC ServiceWorks has refused to provide more details regarding the nature and extent of the incident. Such a development follows the discovery of a pair of vulnerabilities in its internet-connected laundry machines that could be exploited to enable free laundry cycles, the older of which was ignored by the firm for weeks before being addressed. On the other hand, more details regarding the more recent hardware-level flaw have been presented by security researcher Michael Orlitzky at this year's DEF CON security conference.