HealthEquity Data Breach: What You Need to Know

Lemberg Law is actively investigating the HealthEquity data breach, which may have compromised sensitive information belonging to participants in HSA, FSA, HRA, COBRA, and commuter benefits plans. If you received a breach notice from HealthEquity or WageWorks, your personal data could be at risk.

What Happened?

In March 2024, HealthEquity detected suspicious activity related to one of its vendors. The investigation—conducted with third-party cybersecurity experts—revealed unauthorized access to a storage location outside HealthEquity’s core systems. The breach impacted data held by HealthEquity and its subsidiaries, including WageWorks and Further Operations LLC.

By June 26, 2024, HealthEquity confirmed that certain individuals’ personal information had been compromised. Notifications were mailed in 2025.

What Was Exposed?

The information affected varies by individual but may include:

• First and last name
• Address and telephone number
• Social Security Number
• Employee ID
• Employer name
• Dependent contact information
• Payment card data (excluding card numbers)

Not every person had all data fields compromised.

What You Can Do

If you received a data breach letter from HealthEquity:

• Consider credit and identity monitoring services
• Carefully review your bank and credit card statements for suspicious activity.
• Check your credit reports at all three major bureaus for unfamiliar accounts or inquiries.
• Place a fraud alert or security freeze on your credit file if you suspect misuse.

Contact Lemberg Law to understand your legal rights and potential for compensation.

Need Help? We Offer Free Case Reviews

If HealthEquity notified you about this data breach, you may be eligible for legal remedies. Lemberg Law offers free consultations, and you pay nothing unless we win your case.

Source: California Department of Justice