4,300,000 Americans Affected by Security Breach as Financial Data Leaked
Millions of Americans are now at risk of potential fraud after a Utah-based fintech company experienced a breach in its systems. Health Equity, an administrator of health savings accounts (HSAs), has reported to the Office of the Maine Attorney General that this incident resulted in the unauthorized access to or disclosure of sensitive information belonging to its 4.3 million customers.
According to a notice sent to affected customers, the stolen data may include personal details such as names, addresses, telephone numbers, employee IDs, names of employers, social security numbers, dependent information, and payment card information. However, HealthEquity clarifies that not all data categories were exposed for each individual.
The breach occurred on March 9th, 2004, but HealthEquity only became aware of the systems anomaly on March 25th, prompting an internal investigation that lasted until June 10th. During this investigation, it was discovered that a vendor’s user accounts, which had access to an online data storage location, had been compromised. As a result, an unauthorized party was able to access a limited amount of data stored outside of HealthEquity’s core systems.
At present, HealthEquity does not believe that any customer information obtained in the hack has been misused. The company is taking proactive measures by offering victims two years of complimentary credit identity monitoring, insurance, and restoration services. Additionally, HealthEquity encourages its members to regularly review their financial statements and credit reports for any signs of suspicious activity.
HealthEquity, which serves as an Internal Revenue Service (IRS)-designated non-bank health savings trustee and has 16 million members across the United States, aims to mitigate the potential impact of this breach on its customers.