A Texas-based company that provides health insurance and benefit plans disclosed a data breach affecting almost 2.5 million people, some of whom had their Social Security number stolen.
WebTPA said in a data breach notice published earlier this month that the company detected “evidence of suspicious activity” on December 28, 2023, which prompted the company to launch an investigation “to mitigate the threat and further secure our network.”
The investigation, the company said, “concluded that the unauthorized actor may have obtained personal information between April 18 and April 23, 2023,” approximately eight months before the company detected the breach.
“The information that was impacted may have included name, contact information, date of birth, date of death, Social Security number, and insurance information. Not every data element was present for every individual,” the company wrote in the notice posted on its website.
WebTPA reported the breach to the U.S. Department of Health and Human Services earlier this month on May 8, according to the federal department’s website. In this report, WebTPA disclosed that the breach affected 2,429,175 individuals and that the breach occurred on a “network server.”
TechCrunch asked the company to clarify exactly how many people had their Social Security numbers stolen, among other questions. WebTPA did not respond to multiple requests for comment.
WebTPA also said that it is not aware of “any misuse of benefit plan member information,” and that financial account information, credit card numbers as well as “treatment or diagnostic information” were not impacted in the breach.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Contact Us
Do you know more about this WebTPA breach? Or similar data breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
