As reported by BleepingComputer, HSA provider HealthEquity has revealed that it suffered a data breach in which hackers stole the personal information of millions of Americans

According to a Form 8-K filed with the SEC in early July, hackers used a partner's compromised credentials to access this sensitive health data An investigation revealed that the breach occurred in March of this year, but HealthEquity confirmed this to be true at the end of June after an internal investigation

If you have a HealthEquity HSA, FSA, HRA, or 401K, here is what you need to know about this latest data breach and what you can do next if your personal information has been compromised

Affected individuals will be notified of this data breach by HealthEquity in early August However, the data breach notification shared with the Maine Attorney General's Office includes all the details of what personal information was obtained by the hackers behind this breach

In the notice, the law firm representing HealthEquity explained that full names, home addresses, telephone numbers, employer and employee IDs, Social Security numbers, general dependent information, and some payment card information were accessed in an unstructured data repository using stolen credentials The report explains that all were disclosed after the stolen credentials were used to access the unstructured data repository

Although 43 million people were affected by this breach, the data that was leaked varied from individual to individual Thus, one person's name and address may have been stolen, but not their Social Security number

Fortunately, the data repository in question is now secure Similarly, HealthEquity has also implemented global password resets for third-party vendors whose accounts were compromised and used to access patients' personal information

If you have an HSA or other account with HealthEquity and your personal information was compromised as a result of this breach, you will most likely be notified by mail Similar to the data breach notification above, this letter will explain what happened, how the company handled the situation, and what assistance is being offered to affected individuals

While some companies do not offer free access to the best identity theft prevention services after a data breach, HealthEquity does Affected individuals will receive free credit monitoring and identity theft protection through Equifax for the next two years However, they must enroll in the service using the code provided in their data breach notification letter

In addition to registering, you should also keep an eye on your bank and other financial accounts for signs of fraud At the same time, be careful when checking your inbox and text messages, as hackers may use this stolen data to launch phishing attacks targeting affected individuals

Hackers claiming responsibility for this information breach have not yet come forward, and the stolen data has not been posted online