4.3 Million HealthEquity Users Hit by Major Data Breach

HealthEquity data breach

HealthEquity, one of the largest providers of health savings accounts in the United States, reported a significant data breach affecting the information of 4.3 million individuals.

The company discovered unauthorized access to sensitive health and personal data of clients on March 9, 2024. However, the breach was confirmed only on June 26 after an internal investigation.

According to HealthEquity, the perpetrators used the compromised credentials of a company partner to access an unsecured data repository outside the main systems.

The stolen information included full names, home addresses, phone numbers, employer and employee identifiers, Social Security numbers, general information about dependents, and payment card data (excluding card numbers).

HealthEquity has already taken measures to ensure security. The company blocked unauthorized sessions, restricted access from the attackers’ IP addresses, and conducted a global password reset for the compromised supplier account.

Affected clients will be offered a two-year credit monitoring and identity theft protection service through Equifax. The company recommends closely monitoring bank statements and verifying the accuracy of personal information in the HealthEquity account.

Currently, no hacker group has claimed responsibility for the attack, and the stolen data has not yet appeared in the public domain. HealthEquity plans to send notifications about the breach to all affected individuals by August 9, 2024.

Related Posts: