CPM is investigating a data breach disclosed by HealthEquity that may have disclosed the personal and health information of 4.3 million people.  According to its data breach notice filed with Maine’s attorney general, HealthEquity said the data may include customer names, addresses, phone numbers, their Social Security number, information about the person’s employer and the person’s dependent (if any), and some payment card information. 

HealthEquity provides employees at companies across the United States access to workplace benefits, like health savings accounts and commuter options for public transit and parking.  According to HealthEquity’s February earnings, it said it had more than 15 million total customer accounts. 

HealthEquity has admitted that they received an alert on March 25, 2024 about a potential security incident and then proceeded to conduct an investigation.  It analyzed the data until June 10, 2024 before confirming that a threat actor had accessed the data and that the breach had occurred on March 9, 2024.   

For more information, see the following articles about the HealthEquity Data Breach:

https://www.fiercehealthcare.com/payers/hsa-administrator-healthequity-discloses-data-breach-impacting-43m

https://techcrunch.com/2024/07/30/healthequity-data-breach-affects-4-3-million-people/

https://www.bleepingcomputer.com/news/security/healthequity-says-data-breach-impacts-43-million-people/

Cotchett, Pitre & McCarthy Partner Thomas E. Loeser is a former federal cyber-prosecutor who specializes in consumer privacy cases.  If you believe your data may have been compromised, please complete the form below.


Key Contacts

Signal

Jump to Page

Cotchett, Pitre & McCarthy, LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek