HealthEquity data breach affects 4.3M people
Reading Time: 2 minutesHealthEquity is notifying 4.3 million people following a March data breach that affects their personal and protected health information.
In its data breach notice, filed with Maine’s attorney general, the Utah-based healthcare benefits administrator said that although the compromised data varies by person, it largely consists of sign-up information for accounts and information about benefits that the company administers.
HealthEquity said the data may include customer names, addresses, phone numbers, their Social Security number, information about the person’s employer and the person’s dependent (if any), and some payment card information.
HealthEquity provides employees at companies across the United States access to workplace benefits, like health savings accounts and commuter options for public transit and parking. At its February earnings, HealthEquity said it had more than 15 million total customer accounts.
In its data breach notice, HealthEquity said it discovered the data breach after finding unauthorized access in an ‘unstructured data repository’ outside of its core network that contained customers’ personal and health information. Some of the stolen data also includes information about diagnoses and prescriptions, the company said.
The notice said that the breach occurred because a user account of one of HealthEquity’s vendors was compromised and their password stolen, which was used by the malicious hacker to access the data repository.
Several other companies in recent years, including Activision, Snowflake, and Worldcoin, have experienced security incidents because of employee password theft, often by way of password-stealing malware, which scrapes the passwords and credentials found on an employee’s computer. Some password-stealing malware can skirt multifactor authentication, a security feature that can block some password theft attacks, by stealing session tokens, which are stored on an employee’s computer to keep them persistently logged in. When stolen, session tokens can be used to gain access to the company’s network as if the hacker was that employee.
HealthEquity spokesperson Stacie Saltzgiver reiterated that the data breach was an ‘isolated incident’ and confirmed that it was unrelated to the recent breaches of customer data held by cloud giant Snowflake.
Reference: https://techcrunch.com/2024/07/30/healthequity-data-breach-affects-4-3-million-people/
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG