Operations

6/14/2018
12:49 PM
50%
50%

23,000 Compromised in HealthEquity Data Breach

HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.

Sometimes all it takes is one employee to spark a cybersecurity wildfire, as HealthEquity learned this week. The company, which handles more than 3.4 million health savings accounts, suffered a data breach when an unauthorized person accessed an employee's email account.

The incident took place on April 11 and was discovered two days later. When the company learned an employee's email was compromised, it removed access to the mailbox and hired a forensics firm to confirm the breach did not affect other HealthEquity systems.

HealthEquity manages flexible spending accounts, 401(k) accounts, health reimbursement, and other services for about 40,000 companies, Health Data Management reports. The breach affected two Michigan-based companies, both of which work with HealthEquity and have been offered five years of credit monitoring and identity theft protective services.

Data affected in the breach includes employee names, employer names, employee and employer HealthEquity IDs, different types of healthcare accounts, deduction amounts, and for some workers, their Social Security Numbers.

Read more details here.

 

Top industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Click for more information

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The State of IT and Cybersecurity
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10617
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application t...
CVE-2018-10621
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application ...
CVE-2018-10623
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote co...
CVE-2015-4664
PUBLISHED: 2018-06-18
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
CVE-2018-9021
PUBLISHED: 2018-06-18
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.