A Texas-based company that provides health insurance and benefits plans has disclosed a data breach that affected nearly 2.5 million people, some of whom had their Social Security numbers stolen.
WebTPA refers to a data breach notification It was reported earlier this month that the company detected “evidence of suspicious activity” on December 28, 2023, prompting the company to launch an investigation “to mitigate the threat and further secure our network.”
The investigation, the company said, “concluded that the unauthorized actor may have obtained personal information between April 18 and April 23, 2023,” about eight months before the company discovered the breach.
“Information affected may include name, contact information, date of birth, date of death, social security number and insurance information. Not every data item existed for every individual,” the company wrote in a statement posted on its website.
WebTPA reported the breach to the US Department of Health and Human Services earlier this month on May 8. according to the website of the federal ministry. In this report, WebTPA revealed that the breach affected 2,429,175 people and that the breach occurred on a “network server”.
TechCrunch asked the company to clarify exactly how many people had their Social Security numbers stolen, among other questions. WebTPA did not respond to multiple requests for comment.
WebTPA also said it was unaware of “any misuse of benefit plan member information” and that financial account information, credit card numbers, and “treatment or diagnostic information” were not affected in the breach.
Contact us
Know more about this WebTPA breach? Or similar data breaches? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email. You can also contact TechCrunch via SecureDrop.
