The Indiana Department of Health began notifying nearly 750,000 residents that their data from the state's COVID-19 contact tracing survey was accessed by an unauthorized user.
Five things to know:
- The survey data stored include information on survey respondents' names, email, addresses, birthdates and more, according to an Aug. 17 news release.
- Indiana was notified of the breach July 2 and worked to correct the software misconfiguration. It requested the data that had been accessed, and those records were returned to the state Aug. 4.
- The company that accessed the data intentionally looks for software vulnerabilities at companies to seek business partnerships with them, said Tracy Barnes, CIO for Indiana.
- The state and the company that accessed the data signed a "certificate of destruction" to confirm the data was not released to other entities and was destroyed by the company.
- The health department will send letters notifying those affected by the breach. They will be eligible for one year of free credit monitoring with Experian.