A class action lawsuit has been filed against HealthEquity, alleging the company failed to properly safeguard its customers’ personally identifiable information (PII) during a data breach in July 2024. The plaintiff, Colin Booth, claims that HealthEquity neglected its legal duty to protect sensitive data and did not encrypt or redact the compromised information. The breach exposed customer names, addresses, phone numbers, Social Security numbers, payment card details, and other personal data.
Booth argues that the data breach has put HealthEquity customers at risk of identity theft and fraud for the foreseeable future. He claims that hackers intentionally targeted the company’s unprotected data and now possess sensitive information that could be exploited. The lawsuit states that customers will face ongoing risk due to HealthEquity’s failure to implement adequate security measures.
The legal claims in the class action include negligence, breach of contract, and unjust enrichment. Booth is seeking a jury trial, as well as injunctive relief and financial compensation for himself and other affected class members. He also demands that HealthEquity be held accountable for failing to protect its customers’ sensitive data.
HealthEquity disclosed that the data breach affected 4.3 million customers, attributing the incident to a vendor’s compromised user accounts. The breach occurred in March 2024 but was only discovered in June. The lawsuit is being handled by attorneys Jason R. Hull and Gary M. Klinger.
Reference: