HealthEquity Data Breach Impacts 4.3 Million People

HealthEquity, Inc. recently experienced a significant data breach that has potentially affected 4,300,000 individuals in the United States. The breach was discovered on June 26, 2024, and involved unauthorized access to sensitive personal information managed by one of HealthEquity's vendors. This breach has exposed a wide range of consumer information, including:

• Name of individual
• Address
• Social Security Number Information
• Financial Information (e.g., account number, credit or debit card number)
• Medical Information
• Health Insurance Information
• Date of Birth
• First name
• Last name
• Telephone number
• Employee ID
• Employer
• Dependent information
• Payment card information

The breach was disclosed to the Attorney General's offices in several states, including Maine, Texas, Massachusetts, and California.

HealthEquity's Response

In response to the breach, HealthEquity immediately launched an investigation and engaged third-party experts to determine the nature and scope of the incident. The company identified that a vendor’s user accounts, which had access to an online data storage location, were compromised. As a result, an unauthorized party was able to access a limited amount of data stored outside HealthEquity's core systems.

HealthEquity took several immediate actions, including:

• Disabling all potentially compromised vendor accounts and terminating all active sessions
• Blocking all IP addresses associated with the threat actor activity
• Implementing a global password reset for the impacted vendor
• Enhancing security and monitoring efforts, internal controls, and security posture

Steps to Take if You Are Affected by the Data Breach

If you believe you may be affected by this data breach, it is important to take proactive steps to protect your personal information. Here are some recommended actions:

1. Activate Free Credit Monitoring: HealthEquity has arranged for credit identity monitoring, insurance, and restoration services for a period of two years, free of charge, through Equifax. Follow the instructions provided in the notice to activate these services.
2. Review Financial Statements: Carefully review statements sent to you from HealthEquity and other financial institutions to ensure that your account activity is correct. Report any questionable charges promptly.
3. Order Your Free Credit Report: Visit Annual Credit Report or call (877) 322-8228 to obtain your free annual credit report. Review it carefully for any unauthorized accounts or inaccuracies.
4. Place a Fraud Alert: Consider placing a fraud alert on your credit file by contacting any of the three major credit bureaus: Equifax, Experian, or TransUnion. This alert will notify creditors to take extra steps to verify your identity before granting credit.
5. Consider a Security Freeze: You have the right to request a credit freeze from a consumer reporting agency, free of charge. This will prevent new credit from being opened in your name without your consent. Contact Equifax, Experian, or TransUnion to place a security freeze.
6. Report Identity Theft: If you detect any unauthorized transactions or incidents of identity theft, promptly report the matter to your local law enforcement authorities, state Attorney General, and the Federal Trade Commission (FTC). You can contact the FTC at FTC Identity Theft.