WebTPA Employer Services has disclosed a data breach impacting the personal information of more than 2.4 million individuals.
Based out of Irving, Texas, and a wholly owned subsidiary of GuideWell Mutual Holding Corporation, WebTPA is a third-party administrator (TPA) specializing in health insurance and benefits plans.
The cyber incident, WebTPA says in a notice on its website, was discovered on December 28, 2023, after detecting evidence of suspicious activity on its network.
The investigation into the matter revealed that a threat actor stole personal information from its systems between April 18 and April 23, 2023, including names, contact info, dates of birth, dates of death, insurance information, and Social Security numbers.
According to the TPA, the exposed data differs by individual. Financial information, credit card numbers, and health and medical information was not affected by the incident.
“WebTPA promptly informed benefit plans and insurance companies about the incident and the potential exposure of personal information. WebTPA then diligently worked to confirm the extent of impacted data, which we provided to benefit plans and insurance companies on March 25, 2024,” the company says.
The company has strengthened the security of its network and is providing the impacted individuals with two years of free identity monitoring services.
WebTPA has notified the relevant authorities of the incident, and informed the US Department of Health and Human Services on May 8 that the personal information of 2,429,175 individuals was compromised in the incident.
The company started sending written notifications to the affected individuals in April, and has submitted copies of the letters to the relevant authorities across states, including those in California, Massachusetts, and South Carolina.
While WebTPA’s notice does not share information on the affected clients, organizations such as Allied Pilots Association, Dean Health Plan, Gerber Life Insurance Company, The Hartford Insurance, and Transamerica Life Insurance Company are confirmed to have been affected.
Starting April 11, several law firms have announced investigations into the data breach on behalf of the impacted individuals, and several lawsuits have been filed against WebTPA in the Northern District of Texas.
Related: MediSecure Data Breach Impacts Patient and Healthcare Provider Information
Related: Nissan Data Breach Impacts 53,000 Employees
Related: 900k Impacted by Data Breach at Mississippi Healthcare Provider
