MedicareCompareUSA Data Breach Exposes Social Security Numbers

In November 2024, MedicareCompareUSA, a Medicare insurance agency, detected suspicious activity involving certain email accounts. After securing their systems, the company launched a thorough investigation to determine the scope and impact of the incident. The investigation revealed that unauthorized access occurred between November 5 and November 21, 2024.

At least 1,768 residents were impacted in Washington State, according to the Washington Attorney General's office.

In addition, the Massachusetts Attorney General's office May 12th disclosure states five people impacted in the state.

The breach involved files containing personally identifiable information (PII), including names, dates of birth, and either Social Security numbers or individual tax identification numbers. The unauthorized access was limited to certain email accounts, and there is no indication at this time of broader system compromise or evidence that the information has been misused. However, because the exposed data includes sensitive identifiers, there is a risk of identity theft or fraud.

MedicareCompareUSA's response

For those affected, MedicareCompareUSA is offering complimentary credit monitoring, credit reports, and credit score services for 24 months through Cyberscout, a TransUnion company specializing in fraud assistance. These services provide alerts when changes occur to a participant’s credit file, giving individuals the ability to respond quickly to any suspicious activity. MedicareCompareUSA is also providing access to proactive fraud assistance resources.

If you received a notice from MedicareCompareUSA, it is strongly recommended that you enroll in the free credit monitoring services as soon as possible, as the company cannot do this on your behalf. In addition, you should remain vigilant by reviewing your account statements, monitoring your free annual credit reports, and considering placing a fraud alert or credit freeze on your credit files if you notice any suspicious activity. For further details and enrollment instructions, refer to the notice provided by the company or contact the dedicated support line listed in your letter.