By Sam Combest —

The personal data of nearly 1,700 University of Louisville faculty and staff was possibly leaked in a data breach, U of L announced. Medical plan information administered by a third party was compromised, but there is no evidence of wrongdoing.

The affected employees all had specific health plans managed by HealthEquity and Anthem BlueCross BlueShield. Faculty and staff received a Dec. 3 email about the data breach.

According to John Karman, director of media relations, “The university notified all employees and former employees whose information may have been compromised.”

The employees who were impacted were enrolled in the Personal Care Account (PCA)-high and PCA-low health plans in 2017.

U of L was notified over Thanksgiving break that two employee email accounts had been accessed with personal information.

HealthyEquity has a contract with Anthem BlueCross BlueShield. The companies administer the PCA plans for the university.

The email said, “According to HealthEquity, there is no evidence of the data having been seen by an individual or having been used for any illicit purposes.”

Some of the information at risk includes Social Security Numbers, participant’s names, HealthEquity ID numbers, account types and employer names.

HealthEquity completed an investigation and “found no personal financial information of the individuals was included in the documents that may have been accessed.”

No university systems were involved in this breach and the university is working with HealthEquity and Anthem to ensure there aren’t any more victims and how to better secure the information.

HealthEquity is providing five years of free credit monitoring.

More information may be found at HealthEquity.

Employees are encouraged to contact the HealthEquity call center 866-346-5800 with any questions they may have or they may contact the U of L benefits department 502-852-0040.