Millions of Americans may be at risk of fraud after bad actors breached the systems of a Utah-based fintech firm.
Health savings account (HSA) administrator Health Equity tells the Office of the Maine Attorney General that it suffered a security incident that “resulted in unauthorized access to or disclosure of” the sensitive data of 4.3 million customers.
According to a notice sent to customers, the data trove that was stolen may include a member’s:
- First and last name
- Address
- Telephone number
- Employee ID
- Name of employer
- Social security number
- Dependent information
- Payment card information
HealthEquity says not all data categories were exposed for every person.
While the external system breach happened on March 9th, 2004, the firm says it only became aware of a systems anomaly on March 25th. From that date until June 10th, HealthEquity conducted an internal investigation to trace the origin of the hack.
“We learned during our investigation that a vendor’s user accounts – which had access to an online data storage location – were compromised, and that because of this, an unauthorized party was able to access a limited amount of data stored in a storage location outside our core systems…
For now, HealthEquity says it does not believe any customer information captured in the hack has been used maliciously.
The firm is offering victims a two-year complimentary credit identity, monitoring, insurance and restoration services. HealthEquity also recommends that its members routinely review their financial statements and credit reports for suspicious activities.
HealthEquity is an Internal Revenue Service (IRS)-designated non-bank health savings trustee with 16 million members across the country.
Generated Image: Midjourney