Info Data Leak

4.3 Million HealthEquity Users Affected by Big Data Breach

SecurityOnline

Threat Actor: Unknown | unknown
Victim: HealthEquity | HealthEquity
Price: Not disclosed
Exfiltrated Data Type: Personal and health information

Key Points :

  • 4.3 million individuals affected by the data breach.
  • Unauthorized access discovered on March 9, 2024, but confirmed on June 26, 2024.
  • Compromised credentials of a company partner were used to access an unsecured data repository.
  • Stolen data includes full names, addresses, phone numbers, Social Security numbers, and payment card data (excluding card numbers).
  • HealthEquity has implemented security measures, including blocking unauthorized sessions and a global password reset.
  • Affected clients will receive two years of credit monitoring and identity theft protection services through Equifax.
  • No hacker group has claimed responsibility for the attack as of now.
  • Notifications about the breach will be sent to affected individuals by August 9, 2024.

HealthEquity, one of the largest providers of health savings accounts in the United States, reported a significant data breach affecting the information of 4.3 million individuals.

The company discovered unauthorized access to sensitive health and personal data of clients on March 9, 2024. However, the breach was confirmed only on June 26 after an internal investigation.

According to HealthEquity, the perpetrators used the compromised credentials of a company partner to access an unsecured data repository outside the main systems.

The stolen information included full names, home addresses, phone numbers, employer and employee identifiers, Social Security numbers, general information about dependents, and payment card data (excluding card numbers).

HealthEquity has already taken measures to ensure security. The company blocked unauthorized sessions, restricted access from the attackers’ IP addresses, and conducted a global password reset for the compromised supplier account.

Affected clients will be offered a two-year credit monitoring and identity theft protection service through Equifax. The company recommends closely monitoring bank statements and verifying the accuracy of personal information in the HealthEquity account.

Currently, no hacker group has claimed responsibility for the attack, and the stolen data has not yet appeared in the public domain. HealthEquity plans to send notifications about the breach to all affected individuals by August 9, 2024.

Related Posts:

Original Source: https://securityonline.info/4-3-million-healthequity-users-hit-by-major-data-breach/

Tags: BANK, BREACH, PASSWORD