May 28, 2024

2.4 Million Individuals Impacted by WebTPA Data Breach

2.4 Million Individuals Impacted by WebTPA Data Breach - data breach

Earlier this year, WebTPA Employer Services, LLC (“WebTPA”) announced it suffered a data breach that affected 2.4 million individuals. WebTPA is a third-party administrator based out of Irving, Texas, that processes behalf of health plans. The insurance company claims it first was made aware of the breach on December 28, 2023 where it detected evidence of suspicious activity on the WebTPA network. Upon discovering the breach, the company launched an investigation with an industry-leading third-party cybersecurity expert, which determined an unauthorized actor may have accessed and obtained the personal information of its members between April 18 and April 23, 2023.

The insurance company claims that while not every data element was present for every individual, all 2.4 million members had at least one or more forms of the following information impacted by the breach: names, contact information, dates of birth, dates of death, Social Security numbers, and member insurance information. 

WebTPA assured its members while their personal information was breached, their financial information, such as financial account information or credit card numbers and treatment or diagnostic information, was not impacted. The company has already started sending written notifications to the affected individuals starting in April and has submitted copies of the letters to the relevant authorities across the United States.


WebTPA Offers its Members Free Data Protection Services

According to the breach notice posted on the company’s website, WebTPA claims it is not aware of any misuse of benefit plan member information as a result of the incident. However, out of an abundance of caution, it has taken steps to strengthen the security of its network by deploying additional security measures and tools with the guidance of third-party cybersecurity experts. WebTPA has also partnered with Kroll, a financial and risk advisory firm, to offer affected individuals two years of complimentary identity monitoring services.

WebTPA has established a dedicated call center to answer questions affected individuals may have regarding the incident. The call center may be reached at (866) 495-9179 Monday through Friday from 9:00 a.m. to 6:30 p.m. EST. Along with the protection services, the insurance company is also advising its members to remain vigilant against attempts at identity theft or fraud and if they should report any suspicious activity.


Extra Steps You Can Take to Secure Your Data After the Webtpa Data Breach

As the WebTPA suggests, it is critical for those affected by a data breach to remain vigilant over their personal information, as it has been potentially accessed by those who would wish to cause them harm in the form of identity theft or fraud. One extra step you can take to protect your data would be to monitor your credit. Laws like the  Fair and Accurate Credit Transactions Act allow consumers one free credit report annually from each of the three major credit reporting bureaus: Equifax, Experian, and TransUnion. 

Reviewing your credit report allows you to actively correct any errors in your credit history and protect your credit identity. The Fair Credit Reporting Act(FCRA) works similarly by providing you with certain credit protections, as the law states victims of fraud have the right to be informed the information in their credit file has been used against them in a fair, timely, and accurate manner. Under the FCRA, victims have the right to review that report and correct any errors that may be in their credit file. 

Should you uncover your information has been used fraudulently, in order to prevent further actions taken with your information, you have the right to request a "credit freeze" on your credit report. A credit freeze will prohibit a credit bureau from releasing information on your credit report without your expressed authorization. This action will also prevent credit, loans, and services from being approved in your name without your consent. 

Once you’ve frozen your credit, we recommend that you contact the Federal Trade Commission, your state's Attorney General's office, or law enforcement to report the incident as soon as possible. For those looking for more frequent or daily credit monitoring, signing up for credit monitoring sites like Credit Karma may be the best option for you, as it offers its customers free and daily access to their credit reports and provides suspicious activity alerts and other financial protective services. 

Those members who have had their insurance information accessed during a breach should also ensure they are well-versed in their insurance Explanations of Benefits and monitor for any suspicious activity. If you were one of the 2.4 million affected by the WebTPA data breach, speaking to an attorney may also help you better understand the scope of your situation. For more information, contact a Morgan & Morgan data breach attorney by completing our free, no-obligation case evaluation form.