HealthEquity data breach affects millions of customers — here’s what we know so far
Healthcare giant shares more details on major breach
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
The HealthEquity data breach that took place in March 2024 affected 4.3 million people, the company confirmed in a breach notification due to be sent to affected customers soon.
The major US healthcare service provider recently reported suffering a cyberattack, in which sensitive data belonging to some of its customers was stolen.
However HealthEquity filed a new 8-K report with the US Securities and Exchange Commission, in which it confirmed the exact number of victims (4.3 million), and shared a draft breach notification letter it will send to affected individuals starting August 9.
No payment data
“After receiving an alert, on March 25, 2024, HealthEquity became aware of a systems anomaly requiring extensive technical investigation and ultimately resulting in data forensics until June 10, 2024,” the company says in its letter. “Through this work, we discovered some unauthorized access to and potential disclosure of protected health information and/or personally identifiable information stored in an unstructured data repository outside our core systems.”
The affected data includes sign-up information for accounts and benefits the company administers. Furthermore, the data may include first name, last name, address, telephone number, employee ID, employer, social security number, dependent information (for general contact information only), and payment card information (but not payment card number or HealthEquity debit card information).
Not all people have had all of this information stolen - the archives vary from person to person, it was said.
“We are not aware of any actual or attempted misuse of information because of this incident to date,” HealthEquity concluded in the letter, adding that it will be offering credit and identity monitoring for two years through Equifax.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
ViaThe Register
More from TechRadar Pro
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
How to turn off Meta AI