UnitedHealthcare has reported having its mobile app impacted by a credential stuffing attack between Feb. 19 and 25, which has compromised some personal information belonging to its healthcare plan members, according to CBS News Los Angeles.
Information believed to have been exposed in the incident include members' names, birthdates, addresses, health insurance member identification numbers, service dates, provider names, claim details, and group name and number, said UnitedHealthcare, who emphasized that no Social Security numbers or driver's license numbers were compromised in the breach.
Individuals impacted by the attack have already been notified and are being given free theft protection services for two years.
"Upon discovery, the company took prompt action to investigate the matter. The portal account for members was locked to prevent any further access and we initiated a forced password reset... We have no evidence that member login credentials used during the attack were accessed or obtained from any UnitedHealthcare system," said UnitedHealthcare in a statement.
Such postponement comes after Recall was subjected to several delays since June due to security concerns associated with the feature, which has since been allayed by Microsoft with its assurances of an opt-in experience, a completely encrypted database, and Windows Hello-based authentication.
Aside from enabling surveillance that curtails individuals' privacy rights, the UN cybercrime treaty — which has already been approved by the body's Ad Hoc Committee on Cybercrime — also requires the gathering and sharing of private internet user data with other countries that could legitimate authoritarian nations' partnerships.