Beginning Wednesday, Sept. 8, 2021, a number of UC employees received emails from WEX Health (the administrator for UC’s flexible spending account, COBRA and adoption assistance plans) about a change in information in their online WEX account. These changes were made in error, and all account information is being corrected.
UC employee data has not been compromised. This was not the result of a security breach, and you do not need to take any action.
What to expect
Employees who were affected by this processing error will receive a total of three notification emails from WEX:
- The initial notification that your information has been changed
- A second email alerting you of the change back to your correct information
- A third email explaining the situation
To those who suspected and/or reported this email as a potential phishing attempt, thank you for your continued vigilance. We sincerely regret any uncertainty or inconvenience this error may have caused.
Frequently Asked Questions
What was the error that caused this situation?
A file that was sent to WEX Health for testing purposes was loaded in error into WEX’s system. That test file included scrambled employee names and a placeholder (dummy) address instead of actual employee data. No breach of personal employee information occurred.
As part of WEX Health’s automated security processes, employees received notifications when their information was incorrectly changed and again when the error was corrected.
Who was affected?
Employees eligible for Faculty/Staff benefits were included on the test file with scrambled and placeholder (dummy) information.
How will this be fixed?
All WEX Health account information will be corrected by Sept. 9, 2021, and impacted employees will be notified about the error and its resolution. The cause of the problem has been identified and action has been taken to prevent this type of error from occurring in the future.
Do I need to take any action to correct or secure my personal information?
No. Your information will be corrected without any action required on your part. Your personal data was not breached as a result of this error, so you do not need to take any action to secure your personal information.