More than 4m Americans’ info is exposed in massive health savings account data breach – in ANOTHER hack linked to Microsoft

The personal information of millions of Americans has been stolen by hackers after a cyberattack on a major healthcare company.

After the attack on HealthEquity, a total of 4.3 million usernames, addresses, medical data and social security numbers of dangerous parties were stolen.

Hackers gained access to the information through an anonymous third-party vendor who had access to HealthEquity’s Microsoft Sharepoint data. This data allows companies to create and store important files and full customer profile information.

The latest attack could lead to a wave of data breaches, financial fraud and identity theft using information collected from customers’ accounts.

The data breach occurred in March 2024, but according to a new submitHealthEquity only confirmed the system had been breached on June 26, more than three months after the accounts were targeted.

The company told DailyMail.com it could only disclose the security incidents after its investigation was complete.

HealthEquity offers 15.7 million customers health savings accounts, flexible spending accounts, health benefits and 401(k) retirement plans.

The company claims that hackers used compromised credentials from a third-party vendor to gain access to the information. The company has since disabled all accounts that may have been compromised.

A HealthEquity spokesperson told DailyMail.com: ‘We took immediate proactive and cautious action when we first discovered an anomaly with our third-party supplier.

‘This included quickly resolving the issue, assembling a team of external and internal experts to investigate the issue, and preparing a response.’

HealthEquity has reportedly blocked all accounts that may have been affected, removed all IP addresses associated with the hackers, and implemented a general password reset on its systems.

The investigation into the attack is ongoing and HealthEquity customers will be notified by mail or email if they have been affected, depending on the contact preference listed in their account.

The investigation into the attack is ongoing and HealthEquity customers will be notified by mail or email if they have been affected, depending on the contact preference listed on their account.

So far, the company has said it is not aware of any actual or attempted misuse of information, but it has “formally filed a report with the Securities and Exchange Commission, which was not required but reflects our concerns and commitment to transparent communications,” the spokesperson said.

‘We regret the inconvenience caused by the incident and are doing everything we can to keep the inconvenience to a minimum. At the same time, we are taking measures to prevent this from happening again in the future.’

Although the exposed data was linked to Microsoft software, HealthEquity said TechCrunch it was an “isolated incident” unrelated to the recent series of Snowflake breaches, in which hackers stole millions of customer data from major companies including banks, healthcare institutions and technology firms.

Snowflake is a similar platform that allows companies to store all their business and customer data in one place.

The HealthEquity data breach impacted customers in the US, including Ohio, New York and Oregon.

According to a data breach submit According to the Maine Attorney General’s Office, consumers can expect to receive written notification by the end of this week if their data has been stolen.

HealthEquity reports that it is currently monitoring accounts, credit information and credit repair services and is advising customers to protect themselves from identity fraud by placing a fraud alert on their credit file.

This will prevent malicious parties from opening new credit accounts in your name. You can set these up for free through Equifax, Experian or TransUnion.

DailyMail.com has reached out to HealthEquity for comment.