Social Security numbers of some 280,000 Medicaid and Children’s Health Insurance Plans users and “less sensitive” information on 500,000 more of them has been exfiltrated from a Utah Department of Technology Services’ computer server by unknown attackers, making this breach the largest in state history.
The data theft has been first discovered last week, and it was initially thought that the SS numbers of only 24,000 people were compromised.
Unfortunately, as the investigation in the matter continued, the huge final numbers were revealed and confirmed by the Utah Department of Health on Monday.
The people who had their information compromised are those who availed themselves of the services of Utah-based healthcare providers in the last four months. The “lucky” ones got only their names, addresses and dates of birth stolen by the criminals.
The affected individuals have been contacted by mail and warned to be careful about likely phishing attempts via phone or email. They have also been offered free credit monitoring for a year.
It seems that there have been no attempts of using the stolen information to fraudulently obtain loans or credit cards so far.
“The data breach initially occurred on Friday, March 30,” explained the Utah Department of Health.
“A configuration error occurred at the password authentication level, allowing the hacker to circumvent DTS’s security system. DTS has processes in place to ensure the state’s data is secure, but this particular server was not configured according to normal procedure. DTS has identified where the breakdown occurred and has implemented new processes to ensure this type of breach will not happen again.”
It is believed that the attackers are located in Eastern Europe.