As reported by BleepingComputer, HSA provider HealthEquity has revealed that it suffered a data breach in which hackers stole the personal information of millions of Americans.

According to a Form 8-K filed with the SEC in early July, hackers used a partner's compromised credentials to access this sensitive health data. An investigation revealed that the breach occurred in March of this year, but HealthEquity confirmed this to be true at the end of June after an internal investigation.

If you have a HealthEquity HSA, FSA, HRA, or 401K, here is what you need to know about this latest data breach and what you can do next if your personal information has been compromised.

Affected individuals will be notified of this data breach by HealthEquity in early August. However, the data breach notification shared with the Maine Attorney General's Office includes all the details of what personal information was obtained by the hackers behind this breach.

In the notice, the law firm representing HealthEquity explained that full names, home addresses, telephone numbers, employer and employee IDs, Social Security numbers, general dependent information, and some payment card information were accessed in an unstructured data repository using stolen credentials The report explains that all were disclosed after the stolen credentials were used to access the unstructured data repository.

Although 4.3 million people were affected by this breach, the data that was leaked varied from individual to individual. Thus, one person's name and address may have been stolen, but not their Social Security number.

Fortunately, the data repository in question is now secure. Similarly, HealthEquity has also implemented global password resets for third-party vendors whose accounts were compromised and used to access patients' personal information.

If you have an HSA or other account with HealthEquity and your personal information was compromised as a result of this breach, you will most likely be notified by mail. Similar to the data breach notification above, this letter will explain what happened, how the company handled the situation, and what assistance is being offered to affected individuals.

While some companies do not offer free access to the best identity theft prevention services after a data breach, HealthEquity does. Affected individuals will receive free credit monitoring and identity theft protection through Equifax for the next two years. However, they must enroll in the service using the code provided in their data breach notification letter.

In addition to registering, you should also keep an eye on your bank and other financial accounts for signs of fraud. At the same time, be careful when checking your inbox and text messages, as hackers may use this stolen data to launch phishing attacks targeting affected individuals.

Hackers claiming responsibility for this information breach have not yet come forward, and the stolen data has not been posted online.