Malware
WebTPA Data Breach: 2.4 Million Insurance Policyholders’ Confidential Information Exposed
WebTPA, a Texas-based health insurance company, has suffered a data breach that exposed the personal information of 248,000 policyholders. The attackers gained access to a single email account containing sensitive data, including Social Security numbers, dates of birth, and health information. WebTPA has since taken steps to secure its email systems and is offering free credit monitoring to affected individuals.
WebTPA Data Breach Affects Millions of Insurance Customers
Do you have insurance with companies like The Hartford, Transamerica, or Gerber Life Insurance? If so, you might be one of the nearly 2.5 million individuals affected by the WebTPA Employer Services (WebTPA) data breach, as reported by the U.S. Department of Health and Human Services.
What is WebTPA, and what happened?
WebTPA is a subsidiary of GuideWell Mutual Holding Corporation and a third-party administrator (TPA) that offers customized administrative services to health plans and insurance companies. With 18,000 employees and $103 million in annual revenue, WebTPA is a significant player in the industry.
Although the breach occurred last year, the company only discovered evidence of suspicious activity on its network in December. After an investigation, WebTPA found that a threat actor had access to personal data for five days between April 18 and April 23, 2023. However, the breach wasn’t discovered until late December, prompting an immediate response.
What kind of information was exposed?
According to WebTPA’s notification, the exposed data includes:
- Full name
- Contact information
- Date of birth (and death where applicable)
- Social Security Number (SSN)
- Insurance information
Thankfully, financial account information, credit card numbers, medical treatment, and diagnostic information were not exposed in the breach.
How are insurance companies responding?
WebTPA informed benefit plan providers and insurance companies of the data breach on March 25, 2024. Companies like Dean Health Plan, APA Voluntary Supplemental Medical Plan, The Hartford, Transamerica, and Gerber Life Insurance have issued notifications to their affected customers.
WebTPA also provided instructions on how to enroll in two years of credit monitoring, identity theft protection, and fraud consultation services through Kroll, available until August 1st.
What should you do if you’re affected?
While WebTPA isn’t aware of any misuse of the exposed data, it’s essential for those affected to remain vigilant. Be cautious of communications from potential scammers and avoid sharing any personal or financial information. It’s also a good idea to review your credit reports carefully and consider placing a security freeze on your credit files to minimize fraud risks.
Stay Informed and Protected
As cybersecurity experts, we understand the importance of staying informed and taking proactive steps to protect your personal information. Keep coming back to learn more about the latest cybersecurity news and tips to help you secure your digital life.