Hackers have obtained personal information of millions of Americans after a cyberattack on a major healthcare financing company.
In total, 4.3 million user names, addresses, health records, and social security numbers of malicious actors were obtained following the HealthEquity attack.
The hackers accessed the information through an anonymous third-party vendor who had access to HealthEquity’s Microsoft Sharepoint data, which allows companies to create and store important files and comprehensive customer profile information.
The latest attack could spark a wave of data breaches, financial fraud and identity theft using information collected from customer accounts.
A HealthEquity data breach has put the information of 4.3 million US users at risk, leaving them wondering what information could have been leaked
The data breach occurred in March 2024, but according to a new… presentationHealthEquity did not confirm that its system had been breached until June 26, more than three months after the accounts were attacked.
The company told DailyMail.com it would only be able to publicly disclose the security incident after completing its investigation.
HealthEquity offers health savings accounts, flexible spending accounts, health reimbursement arrangements and 401(k) retirement plans to its 15.7 million customers.
The company said the hackers used compromised credentials from a third-party vendor to access the information and has now disabled all accounts that may have been compromised.
A HealthEquity spokesperson told DailyMail.com: ‘We have taken immediate, proactive and prudent action since we first discovered an anomaly with our third-party provider.
‘This included quickly resolving the issue, assembling a team of external and internal experts to investigate and preparing a response.’
HealthEquity has reportedly disabled all accounts that may have been affected, blocked all IP addresses linked to the hackers, and added a global password reset to its systems.
The investigation into the attack is ongoing and HealthEquity customers will be notified by mail or email if they were affected, depending on the contact preference listed in their account.
The investigation into the attack is ongoing and HealthEquity customers will be notified by mail or email if they were affected, depending on the contact preference listed in their account.
So far, the company said it is not aware of any actual or attempted misuse of the information, but that it “formally filed a notification with the Securities and Exchange Commission, which was not required but represents our concern and commitment to transparent communication,” the spokesperson said.
“We regret any inconvenience caused by this incident and are working to minimize disruption while taking steps to help prevent this from happening again in the future.”
Although the exposed data was linked to Microsoft software, HealthEquity said TechnologyCrunch It was an “isolated incident” and was not related to the recent series of Snowflake breaches, where hackers stole millions of customer records from major corporations including banks, healthcare providers and technology companies.
Snowflake is a similar platform that allows businesses to store all of their company and customer data in one place.
The HealthEquity data breach affected customers across the United States, including Ohio, New York and Oregon.
According to a data leak presentation According to the Maine Attorney General’s office, consumers should expect to receive written notification by the end of this week if their data was stolen.
HealthEquity said it is currently monitoring accounts, credit identity information and restoration services and has advised customers to protect themselves from identity theft by placing a fraud alert on their credit file.
This will prevent dangerous actors from opening new credit accounts in your name and can be set up for free through Equifax, Experian, or TransUnion.
DailyMail.com has contacted HealthEquity for comment.
