Utah breach affects 25,000 Social Security numbers

April 6, 2012 By JOSH LOFTIN, Associated Press

(AP) -- Utah health officials said Friday that hackers who broke into state computers last weekend stole far more medical records than originally thought, and the data likely includes Social Security numbers of children who have received public assistance.

Approximately 182,000 beneficiaries of Medicaid and the Children's Health Insurance Program had their personal information stolen, and about 25,000 Social Security numbers were compromised, Utah Department of Health officials said.

Officials originally estimated that about 24,000 people had their records stolen after someone attacked a server beginning March 30. But the culprit actually downloaded 24,000 files, and each file contained hundreds of records, said Stephanie Weiss, spokeswoman for the Utah Department of Technology Services.

The information was stolen from a new server at the Health Department, Weiss said. Although the state has multiple layers of security on every server, a technician installed a password that wasn't as secure as needed.

"We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised," said Michael Hales, deputy director of the Health Department. "But we also hope they understand we are doing everything we can to protect them from further harm."

Clients whose information was stolen will be alerted, with the first priority being those whose Social Security numbers were taken, Health Department spokesman Tom Hudachko said. The department is offering free credit monitoring for a year to anyone whose information was stolen and has established a hotline for concerned clients to call.

There is no way to narrow down the potential victims to a specific area of the state because the claims come from clinics throughout Utah, Hudachko said. Also, because providers have up to a year to file a claim, it is difficult to even narrow it down to recent patients.

While the investigation is ongoing, Hudachko said the department is recommending that every Medicaid client monitor credit reports, bank accounts and other areas the hackers could target with the information.

Monitoring financial accounts and credit reports is an important first step, but somebody who knows their identity has been stolen should also alert the three credit bureaus about potential fraud, said Kirk Torgensen, a chief deputy with the Utah attorney general's office who specializes in identity theft.

Protecting children can be more difficult, since they will normally not have a credit report, credit cards or bank accounts to monitor. To assist parents, the state has partnered with the credit bureau TransUnion to provide a way for a child's Social Security number to be registered and their credit essentially frozen until they are old enough to need it.

The website, http://www.idtheft.utah.gov, also allows victims of fraud to file an affidavit that will reduce the amount of time - sometimes hundreds of hours - that identity theft victims have to spend fixing their credit.

Based on the hacker's IP address, which identifies a computer on the Internet, Utah's recent attack likely came from eastern Europe, Weiss said. Someone started downloading the files Sunday, and the server was taken offline Monday after the state's security software caught the attack.

Attacks on other state servers haven't been discovered, "but we're continually reviewing them to make sure they're secure," Weiss said.

More information: Concerned clients can call the Health Department's hotline at 800-662-9651 or go to http://www.health.utah.gov/databreach for more information.

