A Texas-based company that provides health insurance and benefits plans has disclosed a data breach that affected approximately 2.5 million people, some of whom had their Social Security numbers stolen.
In a data breach notification issued earlier this month, WebTPA said that the company detected “evidence of suspicious activity” on December 28, 2023, and that the company was “taking steps to mitigate the threat and further secure our network.” '' He said he had started an investigation.
The company said its investigation concluded that the fraudster “may have obtained personal information between April 18 and April 23, 2023,” approximately eight months before the breach was detected. That's what it means.
“The affected information may have included name, contact information, date of birth, date of death, Social Security number, and insurance information. There is no way that all data elements existed for every individual. not,” the company wrote in a notice posted on its website.
WebTPA reported the breach to the U.S. Department of Health and Human Services earlier this month on May 8, according to the federal department's website. In this report, WebTPA revealed that this breach affected her 2,429,175 individuals and that the breach occurred on a “network server.”
TechCrunch asked the company to clarify, among other questions, the exact number of people whose Social Security numbers were stolen. However, WebTPA did not respond to multiple requests for comment.
WebTPA also said it was not aware of any “misuse of benefit plan member information” and that no financial account information, credit card numbers, or even “treatment or diagnostic information” were affected by the breach.
inquiry
Do you know more about this WebTPA breach? Or is it a similar data breach? From a non-work device, contact Lorenzo Franceschi-Bicchierai on Signal (+1 917 257 1382), Telegram, Keybase and Wire @lorenzofb, or email You can contact us safely. You can also contact TechCrunch via SecureDrop.