Topics
Latest
AI
Amazon
Image Credits:MirageC / Getty Images
Apps
Biotech & Health
mood
Image Credits:MirageC / Getty Images
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
bet on
Government & Policy
ironware
Layoffs
Media & Entertainment
Meta
Microsoft
concealment
Robotics
Security
societal
Space
Startups
TikTok
Transportation
Venture
More from TechCrunch
upshot
Startup Battlefield
StrictlyVC
newssheet
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
HealthEquity is notifying 4.3 million peoplefollowing a March data point breachthat affects their personal and protected health data .
In itsdata breach notice , file with Maine ’s attorney superior general , the Utah - based healthcare benefit decision maker tell that although the compromised data point vary by somebody , it largely consists of signal - up selective information for account and information about benefits that the company administers .
HealthEquity said the data point may include customer public figure , addresses , speech sound issue , their Social Security number , information about the person ’s employer and the person ’s hooked ( if any ) , and some defrayal board data .
HealthEquity provide employees at companies across the United States access to workplace benefit , like health savings accounts and commuter train options for public transportation system and parking . At its February net , HealthEquity saidit had more than 15 million total customer score .
In its datum falling out notice , HealthEquity said it discovered the data breach after find wildcat access in an “ unstructured data repository ” out of doors of its core electronic internet that contained customers ’ personal and health information . Some of the stolen data also includes information about diagnoses and prescriptions , the society said .
The notice said that the breach occurred because a user accounting of one of HealthEquity ’s vendors was compromised and their countersign stolen , which was used by the malicious cyberpunk to get at the data repository .
When hit for scuttlebutt , HealthEquity would not name the third - party trafficker . The company antecedently told TechCrunch that the compromised third - party vendor account had access to “ some of HealthEquity ’s SharePoint data , ” refer to Microsoft SharePoint , which allows company to create their own intimate intranet .
Several other companies in recent old age , includingActivision , Snowflake , andWorldcoin , have feel security measure incidents because of employee password theft , often by path of password - stealing malware , which scrapes the countersign and credential found on an employee ’s computer . Some password - stealing malware can skirt multifactor hallmark , a surety feature that can block some countersign theft attacks , by stealing session token , which are stack away on an employee ’s computer to keep them persistently logged in . When stolen , session tokens can be used to gain access to the company ’s electronic web as if the hacker was that employee .
HealthEquity voice Stacie Saltzgiver reiterated that the information rupture was an “ insulate incident ” and confirm that it was unrelated tothe late breaches of client data check by cloud heavyweight Snowflake .
HealthEquity haspublished a data breach telling on its internet site . When TechCrunch arrest the website observance , HealthEquity had included hidden “ noindex ” code on the page that tells hunting engines to disregard the web page , in effect block moved someone from find HealthEquity ’s data breach notice in search results .
When inquire by TechCrunch , the company ’s spokesperson did not comment on the inclusion body of the computer code .
