The HealthEquity data breach that took place in March 2024 affected 4.3 million people, the company confirmed in a breach notification due to be sent to affected customers soon.
The major US healthcare service provider recently reported suffering a cyberattack, in which sensitive data belonging to some of its customers was stolen.
However HealthEquity filed a new 8-K report with the US Securities and Exchange Commission, in which it confirmed the exact number of victims (4.3 million), and shared a draft breach notification letter it will send to affected individuals starting August 9.
No payment data
“After receiving an alert, on March 25, 2024, HealthEquity became aware of a systems anomaly requiring extensive technical investigation and ultimately resulting in data forensics until June 10, 2024,” the company says in its letter. “Through this work, we discovered some unauthorized access to and potential disclosure of protected health information and/or personally identifiable information stored in an unstructured data repository outside our core systems.”
The affected data includes sign-up information for accounts and benefits the company administers. Furthermore, the data may include first name, last name, address, telephone number, employee ID, employer, social security number, dependent information (for general contact information only), and payment card information (but not payment card number or HealthEquity debit card information).
Not all people have had all of this information stolen - the archives vary from person to person, it was said.
“We are not aware of any actual or attempted misuse of information because of this incident to date,” HealthEquity concluded in the letter, adding that it will be offering credit and identity monitoring for two years through Equifax.
Via The Register
More from TechRadar Pro
- Major data breach at healthcare provider puts millions of customers at risk
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now