(COLORADO) — UnitedHealthcare (UHC) has alerted members to a data breach that may have led to personal data being accessed, including names, dates of birth, addresses, and more.
According to a press release from UHC, on Feb. 22, suspicious activity was identified on the UHC mobile app that may have led to the disclosure of member information. The company said they believe this access occurred between Feb. 19 – Feb. 25, and on April 10, UHC learned that some personal information may have been impacted by the incident.
The information that may have been obtained included members’ first and last name, health insurance member ID number, date of birth, address, date(s) of service, provider name(s), claim information, and group name and number. UHC said the incident did not involve the disclosure of any Social Security numbers or driver’s license numbers.
Those whose information may have been impacted were notified by UHC via mail beginning Friday, April 28.
UHC said the company took prompt action to investigate as soon as the breach was discovered. The mobile app portal account for members was immediately locked to prevent any further access, and a forced password reset was initiated.
The company said through their investigation, UHC determined the mobile app was the target of a “credential stuffing attack” – where an attacker uses compromised credentials to gain unauthorized access to protected accounts.
UHC said there is no evidence that member login credentials used during the attack were accessed from any UHC system.