Harvard Pilgrim Health Care suffered a significant data breach due to external hacking between **March 28, 2023, and April 17, 2023**, compromising the personal and financial information of **2,632,275 individuals**, including **993 Maine residents**. The exposed data may include **names, Social Security numbers, and financial account details**, heightening the risk of identity theft and financial fraud. In response, the company offered **two years of identity theft protection services via IDX** to affected individuals. The breach was reported to the **Maine Office of the Attorney General on February 15, 2024**, underscoring the severity of the incident and its potential long-term consequences for customers, including fraud, financial loss, and reputational harm to the organization.
TPRM report: https://www.rankiteo.com/company/harvard-pilgrim-health-care
"id": "har504091625",
"linkid": "harvard-pilgrim-health-care",
"type": "Breach",
"date": "3/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '2,632,275',
'industry': 'Healthcare',
'location': 'United States (including 993 Maine '
'residents)',
'name': 'Harvard Pilgrim Health Care',
'type': 'Healthcare Provider / Insurance'}],
'attack_vector': 'External Hacking',
'customer_advisories': 'Identity theft protection services offered for two '
'years via IDX',
'data_breach': {'data_exfiltration': 'Likely (data compromised in breach)',
'number_of_records_exposed': '2,632,275',
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Account Information']},
'date_publicly_disclosed': '2024-02-15',
'description': 'The Maine Office of the Attorney General reported that '
'Harvard Pilgrim Health Care experienced a data breach '
'involving external hacking from March 28, 2023, to April 17, '
'2023, affecting approximately 2,632,275 individuals, '
'including 993 Maine residents. The compromised data may '
'include names, Social Security numbers, and financial account '
'information. Identity theft protection services were offered '
'for two years through IDX.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'financial account information'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (financial account information '
'exposed)'},
'references': [{'date_accessed': '2024-02-15',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General (and '
'potentially others, '
'given multi-state '
'impact)'},
'response': {'recovery_measures': 'Offered two years of identity theft '
'protection services via IDX',
'third_party_assistance': 'IDX (for identity theft protection '
'services)'},
'title': 'Harvard Pilgrim Health Care Data Breach (2023)',
'type': 'Data Breach'}