HealthEquity, a provider of health savings accounts (HSAs) and other financial services, has suffered a significant data breach affecting over 4.3 million Americans. The breach occurred when hackers used compromised credentials from a partner to steal sensitive health information.
The stolen data includes names, addresses, phone numbers, Social Security numbers, and more. HealthEquity confirmed the breach in a filing on July 2, revealing that hackers accessed data from March 25 to June 10.
The company first noticed the issue on March 25 and continued to investigate until June 10. They found unauthorized access to personal and health information stored outside their main systems. HealthEquity began notifying affected individuals by mail or email based on their preferences.
The breached data might include details like names, addresses, Social Security numbers, health card numbers, and payment card information (but not card numbers). Not all categories were affected for every person.
So far, HealthEquity has not seen any misuse of the stolen data. They have taken several steps to address the breach, including securing the affected data, disabling compromised accounts, and resetting passwords. They are also offering free credit monitoring, insurance, and restoration services for two years through Equifax.
HealthEquity has committed to improving security and preventing future breaches, while continuing to notify affected parties and support their clients.
