Call Us

HealthEquity, Inc. Data Breach

Posted on behalf of Arnold Law Firm on July 29, 2024 in Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from HealthEquity, Inc., contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

smartphone with laptop and lock icon

On or about July 26, 2024, HealthEquity, Inc. (“HealthEquity”) sent a Notice of Data Breach Letter (“Breach Letter”) via mail to victims of the HealthEquity data breach informing them that their personal information and Personally Identifiable Information (“PII”) was obtained by unauthorized users who accessed HealthEquity’s network (“data breach”) in March 2024.

After HealthEquity became aware of the potential unauthorized access to its network, it launched an investigation which concluded on June 26, 2024. The investigation determined that hackers obtained from victims their first and last names, dates of birth, social security numbers and other personal information.

Founded in 2002, HealthEquity is an IRS designated trustee of HSAs and a directed third-party administrator of FSA/HRA, Commuter, COBRA, and Lifestyle plans. Based in Draper, Utah, HealthEquity employs approximately 3,150 individuals and has $861 million in annual revenue.

Although the exact number of affected individuals has not yet been released, it is estimated that more than 4 million people have had their data impacted by the data breach. If you received a Breach Letter from HealthEquity, then you were impacted by the data breach.

HealthEquity has offered two years of free credit and identity monitoring, insurance, and credit restoration services to victims of the breach.

WHAT INFORMATION IS INVOLVED?

According to HealthEquity, the following information was exposed:

  • First and Last Name
  • Social Security Number
  • Telephone Numbers
  • Employee ID’s
  • Employer
  • General contact information for dependents
  • Payment card information (but not payment card number or HealthEquity debit card information)

This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from HealthEquity, Inc., contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.