HealthEquity, Inc. informs that the data breach it disclosed earlier this month affects 4.3 million individuals. The breach, resulting from an external system hacking, was discovered on June 26, 2024, though it initially occurred on March 9, 2024.
The incident was identified during routine monitoring, which revealed anomalous activity on a personal device used by a business partner. This unauthorized access allowed a third party to obtain sensitive personal information as the company disclosed via an 8-K filing previously.
HealthEquity is a financial technology and business services company based in Draper, Utah. As of July 2022, it managed 14.5 million accounts, including 7.5 million health savings accounts (HSAs) with assets totaling $20.5 billion. The company is designated as a non-bank health savings trustee by the IRS, allowing it to manage HSAs and related services.
Upon discovering the breach, HealthEquity isolated the malicious activity and conducted a thorough investigation. The compromised data included personally identifiable information (PII) and certain members' protected health information (PHI). Following the investigation, the company confirmed today that some data had been exfiltrated from its partner's systems, including:
- First name
- Last name
- Address
- Telephone number
- Employee ID
- Employer
- Social security number
- Dependent information (general contact information only)
- Payment card information (excluding payment card number and HealthEquity debit card information)
Despite the breach, HealthEquity reported no malicious code on its systems and no interruption to its services or business operations.
HealthEquity will be notifying its partners, clients, and individuals whose information may have been compromised. Written notifications were sent to affected individuals on August 9, 2024. The company offers two years of complimentary credit monitoring, insurance, and restoration services through Equifax to those impacted by the breach.
Those potentially affected by the breach are recommended to take advantage of the complimentary credit monitoring services offered by HealthEquity to detect any suspicious activity on their accounts.
Regularly reviewing bank and credit card statements for unauthorized transactions, updating passwords for all online accounts, especially those related to financial and health information, and ensuring they are strong and unique are also advised. Additionally, using two-factor authentication on all accounts to add an extra layer of protection and being cautious of phishing attempts and unsolicited communications asking for personal information are crucial steps to mitigate potential risks.
Handala Hackers Target Israel with Devastating Wiper Malware
how far back does the data go? I used to have an account with them. however, I am no longer employed by that employer and have moved (mail forwarding has expired).
I was wondering the same thing. Can they tell us if ours got delivered OK, or stolen out of our mailbox? If stolen, I’d like to stand guard in the couple weeks to ensure it gets delivered.
So they’ll send them next week?