​CSC ServiceWorks, a leading provider of commercial laundry services and air vending solutions, has disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyberattack.

The company discovered the incident on February 4, 2024, after detecting unusual activity on its network. Subsequently, external cybersecurity experts hired to investigate the incident found that unknown attackers had accessed some computer systems.

CSC ServiceWorks believes the threat actors had access to compromised systems on its network from September 23, 2023, to February 4, 2024. After identifying the affected data, it hired a data review company to determine what information was stored in files exposed during the breach.

The laundry giant added that it took measures to secure its computer systems against future attacks and notified relevant law enforcement agencies of the incident. It received the results on June 17, 2024, and has been working to identify the correct addresses for the affected individuals since then.

Depending on the impacted individual, the types of personal information that were exposed in the data breach include a combination of:

• full name, date of birth, and contact information,
• government identification (e.g., Social Security or driver’s license number),
• financial information (e.g., bank account and routing number),
• health insurance information, and limited medical information,
• and, in some cases, their children’s personal information.

It also provides those affected by the data breach with a free Experian IdentityWorks membership to help detect attempts to misuse personal information exposed in the incident.

“We hired third-party experts to address this situation, perform an investigation into the unauthorized activity, and further secure our systems to protect your information,” said Christopher E. Mack, CSC ServiceWorks’ Chief Financial Officer.

“CSC is providing this notice to give you more information on what happened and an opportunity to enroll in free credit monitoring.

In May, TechCrunch reported that CSC ServiceWorks apologized and thanked two security researchers for finding a vulnerability that allowed anyone to do their laundry for free after ignoring their requests to fix the security flaw.

The company says it has over 150,000 clients in the United States, Canada, and Europe, with one million machines in use at tens of thousands of hotels, laundromats, universities, and residential buildings.

A CSC ServiceWorks spokesperson was not immediately available for comment when contacted by BleepingComputer today.