Medical data leakage from 23,000 HealthEquity users

Unauthorized access to an employee email account allowed to obtain firm’s clients and employers datas. The event happened on April 11, 2018 and were detected two days after, on April 13. Security forensics hired by HealthEquity reported that account access were due a human error.

Compromised data are: client’s names, emails, HealthEquity member IDs, employer names, HealthEquity employer IDs, healthcare account type, deduction amounts and Social Security numbers for some Michigan-based employees.

HealthEquity is working to resolve the incident and urges those affected to remain vigilant to avoid possible identity theft, unauthorized access or bank accounts charges. Also, the firm committed to informing to affected users and has made specific telephone support available.