Officials from the Utah Department of Health issued a statement in late March stating that 24,000 people had their personal information stolen as a result of a security breach on a state computer. Since then, the officials have revised the total number of affected individuals several times. It now stands at nearly 900,000.
Security experts say that those affected by the security breach could have done nothing to prevent their information from being stolen. The breach occurred when hackers discovered a weak password used by a state server technician. They then exploited the weak password and stole 24,000 files that contained sensitive information. The stolen data includes such information as patient names, dates of birth, Social Security numbers, employer identification numbers, and other information that a thief could use to open new financial accounts.
All of the information came from the state computer database that housed Medicaid patient identification information including information on low-income children.
The Utah Department of Health is offering a year of free credit monitoring to anyone affected by the data loss. They are also recommending that affected individuals monitor their credit card statements and bank accounts closely over the next several months.
Security experts say that because much of the data stolen included information about children, hackers could use this to open credit accounts in the child’s name and not get caught for years. Children do not have credit reports, so it is often very hard to determine if a fraudulent account has been opened in the child’s name.