SafetyDetectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

Massive Data Breach Exposes Sensitive Data of More Than 4 Million Americans

Penka Hristovska
Penka Hristovska Senior Editor
Updated on: August 6, 2024
Penka Hristovska Penka Hristovska
Updated on: August 6, 2024 Senior Editor

More than 4.3 million Americans have had their personal data stolen by hackers after HSA provider HealthEquity suffered a data breach. The stolen information consisted of sign-up information for the accounts and benefits it manages.

The exposed data may include details in one or more of the following categories: first and last names, addresses, telephone numbers, employee IDs, employers, Social Security numbers, health card numbers, health plan member numbers, dependent contact information, HealthEquity benefit types, diagnoses, prescription details, payment card information (excluding payment card numbers), and/or HealthEquity account types.

It’s important to note that not every data category was compromised for every member.

In a Form 8-K filing with the SEC at the start of July, HealthEquity disclosed that hackers accessed sensitive health data using compromised credentials from one of its partners. The company first detected the system anomaly on March 25, with the investigation continuing until June 10. HealthEquity only confirmed the extent of the intrusion at the end of June.

“We discovered some unauthorized access to and potential disclosure of protected health information and/or personally identifiable information stored in an unstructured data repository outside our core systems. On June 26, 2024, after validating the data, we unfortunately determined that some of your personal information was involved.”

HealthEquity has since secured the compromised database and disabled all potentially affected vendor accounts, blocking all IP addresses associated with the hack, and implementing a global password reset for the impacted partner. The company is now offering those affected by the breach 24 months of free identity monitoring and restoration services.

HealthEquity says it’s still in the process of notifying customers that have been affected by the breach. It explained that all Impacted individuals will be notified by mail or email, depending on their account communication preferences. It’s expected that everyone impacted will be officially notified by Aug. 9.

About the Author
Penka Hristovska
Penka Hristovska
Senior Editor
Updated on: August 6, 2024

About the Author

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.

Leave a Comment