In a series of coordinated cyber attacks against UnitedHealthcare, the hackers broke into the company’s computer systems in February 2024. They stole the names, addresses, emails, and social security numbers of registered clients who are now seeking redress in court.
Scores of Americans have filed a class action lawsuit against the company before the U.S. District Court for the District of Minnesota, saying their private health data was stolen following a 2024 database breach.
The hacking started on February 21, 2024, according to the lawsuit filed on January 15, 2025.
Although Russia-based BlackCat mainly orchestrated the hack, they said the stolen files were downloaded mostly by Nigerians, but some downloads also occurred in Russia and Brazil.
“The data was quickly spread across five continents: North America, Asia, Europe, Africa, and South America. In the end, it was downloaded by 47 different parties,” stated the suit filed on Wednesday.
“It was mainly downloaded by users in Nigeria, Russia, and Brazil, with the most activity coming from Nigeria and Russia,” it added. “This experiment demonstrated that data released on the dark web will quickly spread around the world.”
At least 60 Americans are taking part in the lawsuit, each alleging in court filings how they were adversely impacted by the breach, considered among the largest in the healthcare industry’s history.
