HealthEquity, an administrator of workplace benefits for more than 15 million people, is notifying 4.3 million individuals, starting on August 9, 2024, that their personal information was compromised. The compromised data includes names, addresses, phone numbers, employee IDs, employers, Social Security numbers, health card numbers, health plan member numbers, benefit types, dependent information, and diagnosis information, prescription information, and payment card information.

The incident was caused when a third-party vendor’s user account was compromised, and the user’s password was stolen. The vendor’s credentials were then used to access a data repository that included the customers’ personal information. HealthEquity has posted a notice of the data breach on its website. It will offer affected individuals with two years of credit monitoring. If you have an account with HealthEquity, access its website here, which includes a toll-free number for questions.