Nearly 750,000 Hoosiers have had their data exposed from the state’s COVID-19 online contact tracing survey, the Indiana Department of Health said Tuesday.
The information was improperly accessed by a company that intentionally looks for software vulnerabilities in an attempt to gain business, according to Tracy Barnes, chief information officer for the state.
The data that was accessed included name, address, email, gender, ethnicity and race, and date of birth, according to IDOH.
The state learned of the incident on July 2. Last week, the state and the company that accessed the data signed a “certificate of destruction” to confirm that the data was not released and was destroyed.
“We believe the risk to Hoosiers whose information was accessed is low. We do not collect Social Security information as a part of our contact tracing program, and no medical information was obtained,” said State Health Commissioner Kris Box, M.D., FACOG.
The state said it has since corrected a software configuration issue.
Affected Hoosiers will receive a letter from the Department of Health. The state will also provide one year of free credit monitoring and is working with Experian to open a call center to answer any questions.
