WebTPA, a Texas-based third-party health insurance plan administrator, suffered a data breach discovered in April 2023 but not publicly disclosed until May 2024 — a 13-month delay. The breach affected 2,518,533 individuals who held health insurance plans administered by WebTPA, including customers of Transamerica Life Insurance, USAA Life Insurance, Gerber Life Insurance, and other carriers. Exposed data included names, contact information, dates of birth, SSNs, and health insurance information. No financial account numbers or treatment information were compromised. A $13.75 million settlement was reached to resolve class action litigation. Notable for the extremely long disclosure delay (13 months) and for impacting policyholders of multiple major insurance brands via a shared third-party administrator.