Connect with us

Hi, what are you looking for?


Data Breaches

2.4 Million Impacted by WebTPA Data Breach

Health insurance firm WebTPA says the personal information of 2.4 million individuals was compromised in a data breach.

WebTPA Employer Services has disclosed a data breach impacting the personal information of more than 2.4 million individuals.

Based out of Irving, Texas, and a wholly owned subsidiary of GuideWell Mutual Holding Corporation, WebTPA is a third-party administrator (TPA) specializing in health insurance and benefits plans.

The cyber incident, WebTPA says in a notice on its website, was discovered on December 28, 2023, after detecting evidence of suspicious activity on its network.

The investigation into the matter revealed that a threat actor stole personal information from its systems between April 18 and April 23, 2023, including names, contact info, dates of birth, dates of death, insurance information, and Social Security numbers.

According to the TPA, the exposed data differs by individual. Financial information, credit card numbers, and health and medical information was not affected by the incident.

“WebTPA promptly informed benefit plans and insurance companies about the incident and the potential exposure of personal information. WebTPA then diligently worked to confirm the extent of impacted data, which we provided to benefit plans and insurance companies on March 25, 2024,” the company says.

The company has strengthened the security of its network and is providing the impacted individuals with two years of free identity monitoring services.

WebTPA has notified the relevant authorities of the incident, and informed the US Department of Health and Human Services on May 8 that the personal information of 2,429,175 individuals was compromised in the incident.

Advertisement. Scroll to continue reading.

The company started sending written notifications to the affected individuals in April, and has submitted copies of the letters to the relevant authorities across states, including those in California, Massachusetts, and South Carolina.

While WebTPA’s notice does not share information on the affected clients, organizations such as Allied Pilots Association, Dean Health Plan, Gerber Life Insurance Company, The Hartford Insurance, and Transamerica Life Insurance Company are confirmed to have been affected.

Starting April 11, several law firms have announced investigations into the data breach on behalf of the impacted individuals, and several lawsuits have been filed against WebTPA in the Northern District of Texas.

Related: MediSecure Data Breach Impacts Patient and Healthcare Provider Information

Related: Nissan Data Breach Impacts 53,000 Employees

Related: 900k Impacted by Data Breach at Mississippi Healthcare Provider

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights