Medicare Compare USA Data Breach Affects Personal, Financial and Health Info

Medicare Compare USA experienced a major data breach. In Nov. 2024, the company detected suspicious activity related to certain internal email accounts. An investigation was launched and it was determined that an unauthorized actor gained access to specific email accounts between Nov. 5, 2024, and Nov. 21, 2024.

A review took place and once completed, revealed that the cybersecurity incident compromised personally identifiable information (PII) and protected health information (PHI). Exposed information included names, date of birth bank account number, health insurance individual policy number, Medicare number, medical history, treatments and diagnoses.

Medicare Compare USA began notifying impacted individuals by mail on Sept. 10, 2025. The total number of affected customers has not been released, but is believed to be in the thousands.

The data breach was also disclosed to the Massachusetts Attorney General's office on Sept. 10. 2025.

Medicare Compare USA's response

Upon discovering the unauthorized access, Medicare Compare USA secured its email system and launched an internal investigation to assess the scope and impact of the incident. In addition to required state and federal disclosures, the company is offering affected individuals 12 free months of TransUnion Cyberscout credit monitoring and identity protection services.

If you received a notice from Medicare Compare USA about this breach, you may want to:

• Sign up for the free credit monitoring and identity protection services, provided by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the company and its services, visit the Medicare Compare USA website.