UnitedHealthcare warns members' information was exposed in data breach
CHICAGO (CBS) -- UnitedHealthcare said Friday that some of its members' personal information has been exposed in a data breach.
The health insurance company said on Feb. 22, it identified suspicious activity on its local app that may have led to the disclosure of members' personal information.
The breach occurred between Feb. 19 and Feb. 25, and UnitedHealthcare determined personal information may have been affected on April 10.
The information may have included members' first and last names. Health insurance member ID numbers, dates of birth, addresses, dates of service, provider names, claim information, and group names and numbers, UnitedHealthcare said. Social Security and driver's license numbers were not exposed.
Those who were affected were notified directly by mail, the insurance company said.
Upon discovering the breach, UnitedHealthcare locked the portal account for members to and initiated a forced password reset. The company later determined its app was targeted in a credential stuffing attack – and there was no evidence that the member login credentials used in the attack were accessed or obtained through any UnitedHealthcare system.
UnitedHealthcare will offer two years of LifeLock Identity Theft Protection Services to anyone who detects their personal information being misused.
Anyone with questions should call (800) 669-1812 from 8 a.m. to 5 p.m. Central Time, Monday through Friday.