Utah-based healthcare benefits administrator HealthEquity disclosed that a data breach that occurred on March 9 affected over four million people. In a notice filed with Maine’s attorney general, HealthEquity stated that the breach was discovered on June 26.
In a notice to customers scheduled to be sent by August 9, HealthEquity stated that the affected data primarily consisted of sign-up information for accounts and benefits it administers. However, HealthEquity indicated that not all data categories were affected for every person. First and last names, addresses, telephone numbers, employee IDs, employers, social security numbers, dependent information, and payment card information were among the compromised data.
In a Form 8-K filed with the U.S. Security and Exchange Commission (SEC) dated July 2, HealthEquity stated that it discovered the breach through routine monitoring. “The investigation concluded that the Partner’s user account had been compromised by an unauthorized third party, who used that account to access information.”
TechTimes’ Joseph Henry reported on July 31 that the benefits administrator has over 15 million total customer accounts. “The scale of this breach is alarming,” Henry noted.
“HealthEquity is committed to protecting our customers’ data and has implemented additional security measures to prevent future breaches. We deeply regret any inconvenience this incident may cause,” Amy Mushahwar, a partner at Lowenstein Sandler LLP and outside counsel for HealthEquity, said in a statement. HealthEquity has offered identity theft protection services to its affected customers.
