The Office of the Maine Attorney General has been informed of a data breach that has exposed sensitive data of 4.3 million customers.

According to HealthEquity, the data breach exposed the below sensitive data that of millions of Americans, with the fintech firm saying that not all of the categories listed contained data for every person. Reports indicate the breach occurred on March 9, 2024, and that it was detected on March 25. After the breach was discovered HealthEquity conducted an internal investigation on the origin of the hack, tracing it back to an online data storage location that became compromised.
The compromised location led to the unauthorized party gaining access to a "limited amount of data stored in a storage location outside our core systems." HealthEquity doesn't believe the stolen customer information has been used nefariously, and as compensation to affected customers, HealthEquity is offering a two-year complimentary credit identity, monitoring, insurance, and restoration services.
As for what can be done about the data breach, HealthEquity recommends customers to monitor their bank statements for any unusual transactions.
- First and last name
- Address
- Telephone number
- Employee ID
- Name of employer
- Social security number
- Dependent information
- Payment card information
"We learned during our investigation that a vendor's user accounts - which had access to an online data storage location - were compromised, and that because of this, an unauthorized party was able to access a limited amount of data stored in a storage location outside our core systems," found HealthEquity