MedicareCompareUSA Data Breach Affects PII & PHI

In November 2024, MedicareCompareUSA, acting on behalf of United Healthcare, discovered suspicious activity affecting certain email accounts. An investigation determined that unauthorized access to these email accounts occurred between Nov. 5 and Nov. 21, 2024.

MedicareCompareUSA notified United Healthcare on March 18, 2025, that individuals connected to United Healthcare may have been impacted. The data breach compromised both personal and protected health information of individuals with multiple major health insurance companies.

Exposed information may include names, Social Security numbers, dates of birth, health insurance policy numbers, Medicaid and Medicare numbers. MedicareCompareUSA disclosed the cybersecurity incident to the Massachusetts and Washington Attorney Generals' offices on June 27, 2025.

Affected individuals were notified by mail beginning on June 27, 2025 and include at least 1,258 Washington residents and one Massachusetts resident.

MedicareCompareUSA and United Healthcare's response

In addition to required state and federal disclosures, MedicareCompareUSA is offering 12 free months of TransUnion Cyberscout single bureau credit monitoring services to affected individuals.

If you receive a notice from MedicareCompareUSA or your United Healthcare about this breach, you may want to:

• Sign up for the free TransUnion Cyberscout credit monitoring services offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

More information about the company can be found on the MedicareCompareUSA website.