UnitedHealthcare has reported having its mobile app impacted by a credential stuffing attack between Feb. 19 and 25, which has compromised some personal information belonging to its healthcare plan members, according to CBS News Los Angeles.
Information believed to have been exposed in the incident include members' names, birthdates, addresses, health insurance member identification numbers, service dates, provider names, claim details, and group name and number, said UnitedHealthcare, who emphasized that no Social Security numbers or driver's license numbers were compromised in the breach.
Individuals impacted by the attack have already been notified and are being given free theft protection services for two years.
"Upon discovery, the company took prompt action to investigate the matter. The portal account for members was locked to prevent any further access and we initiated a forced password reset... We have no evidence that member login credentials used during the attack were accessed or obtained from any UnitedHealthcare system," said UnitedHealthcare in a statement.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news