In November 2024, Medicare Compare USA suffered a major data breach after detecting unauthorized access to internal email accounts between November 5 and November 21, 2024. The investigation confirmed that an unauthorized actor compromised personally identifiable information (PII) and protected health information (PHI), including names, dates of birth, bank account numbers, health insurance policy details, Medicare numbers, medical histories, treatments, and diagnoses. The breach impacted thousands of customers, though the exact number remains undisclosed. Affected individuals were notified via mail in September 2025, nearly a year after the incident. The company reported the breach to the Massachusetts Attorney General’s office and offered 12 months of free credit monitoring and identity protection services through TransUnion Cyberscout. The exposed data poses severe risks, including identity theft, financial fraud, and medical fraud, given the sensitivity of the leaked health and financial records. The breach underscores vulnerabilities in the company’s email security, leading to prolonged exposure of critical customer data.
Source: https://www.claimdepot.com/data-breach/wellcare-2025
TPRM report: https://www.rankiteo.com/company/medicarecompareusa
"id": "med3962239091625",
"linkid": "medicarecompareusa",
"type": "Breach",
"date": "11/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Thousands (exact number not '
'disclosed)',
'industry': 'Healthcare / Insurance Comparison',
'location': 'USA (specific location not provided)',
'name': 'Medicare Compare USA',
'type': 'Healthcare Services Provider'}],
'attack_vector': 'Unauthorized access to email accounts',
'customer_advisories': ['Notified via mail (starting September 10, 2025)',
'Offered 12 months of free TransUnion Cyberscout '
'credit monitoring and identity protection services'],
'data_breach': {'data_exfiltration': 'Likely (data accessed by unauthorized '
'actor)',
'number_of_records_exposed': 'Thousands (exact number not '
'disclosed)',
'personally_identifiable_information': ['Names',
'Dates of birth',
'Bank account numbers',
'Health insurance '
'policy numbers',
'Medicare numbers',
'Medical history',
'Treatments',
'Diagnoses'],
'sensitivity_of_data': 'High (includes financial, health, and '
'personally identifiable data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': 'November 2024',
'date_publicly_disclosed': '2025-09-10',
'description': 'Medicare Compare USA experienced a major data breach in '
'November 2024, where an unauthorized actor gained access to '
'specific email accounts between November 5, 2024, and '
'November 21, 2024. The breach compromised personally '
'identifiable information (PII) and protected health '
'information (PHI), including names, dates of birth, bank '
'account numbers, health insurance policy numbers, Medicare '
'numbers, medical history, treatments, and diagnoses. The '
'company began notifying affected individuals by mail on '
'September 10, 2025, and disclosed the breach to the '
"Massachusetts Attorney General's office on the same date. The "
'total number of affected customers is believed to be in the '
'thousands.',
'impact': {'brand_reputation_impact': 'Potential reputational damage (not '
'quantified)',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)',
'Names',
'Dates of birth',
'Bank account numbers',
'Health insurance individual policy numbers',
'Medicare numbers',
'Medical history',
'Treatments',
'Diagnoses'],
'identity_theft_risk': 'High (PII and PHI exposed)',
'payment_information_risk': 'High (bank account numbers exposed)',
'systems_affected': ['Email accounts']},
'initial_access_broker': {'entry_point': 'Email accounts',
'high_value_targets': ['PII and PHI data']},
'investigation_status': 'Completed (internal investigation concluded; '
'notifications sent)',
'post_incident_analysis': {'corrective_actions': ['Secured email system',
'Offered identity '
'protection services to '
'affected individuals']},
'recommendations': ['Sign up for the free credit monitoring and identity '
'protection services provided by Medicare Compare USA.',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing emails or phone calls that may use '
'exposed information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'Medicare Compare USA Breach Notice (via Claim '
'Depot)'},
{'source': 'Medicare Compare USA Website'}],
'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
"Attorney General's "
'office (notified on '
'September 10, 2025)']},
'response': {'communication_strategy': ['Notified impacted individuals by '
'mail (starting September 10, 2025)',
'Disclosed breach to the '
"Massachusetts Attorney General's "
'office (September 10, 2025)'],
'containment_measures': ['Secured email system'],
'incident_response_plan_activated': True,
'recovery_measures': ['Offered 12 months of free TransUnion '
'Cyberscout credit monitoring and identity '
'protection services to affected '
'individuals']},
'threat_actor': 'Unauthorized actor (unknown)',
'title': 'Medicare Compare USA Data Breach (November 2024)',
'type': 'Data Breach'}