Tech

Hackers steal hundreds of thousands of Social Security numbers

Schloesser mit den Namen von etlichen Liebespaaren sind  am Donnerstag, 23. April 2009, am Gitter der Hohenzollernbruecke in Koeln zu sehen. Seit Silvester 2008 haben Paare hier ihre Liebe manifestiert und aller Welt kundgetan, indem sie ein Schloss mit ihren Namen an der Bruecke befestigt haben.  Bei dem Schloesser-Trend handelt es sich um einen Brauch aus Italien. In Rom befindet sich eine alte Bruecke, die Milvische Bruecke, die ueber den Tiber fuehrt. Diese Bruecke ist ein regelrechter Wallfahrtsort fuer verliebte Paare. Dort werden Schloesser, auf denen die Namen des Paares eingraviert sind, an der Bruecke fest gekettet und der Schluessel wird in den Tiber geworfen. Dieser Brauch soll die Haltbarkeit der Liebe untersuetzen. (AP Photo/Roberto Pfeil) --Padlocks with the engraved names of lovers are fixed to the fence at the Hohenzollern Bridge in Cologne, western Germany, Thursday, April 23, 2009. In an old ritual, padlocks with lovers names on it are fixed at the Milvian bridge in Roma, Italy, and the keys are thrown into the Tiber river to symbolize endless love. (AP Photo/Roberto Pfeil)

Schloesser mit den Namen von etlichen Liebespaaren sind am Donnerstag, 23. April 2009, am Gitter der Hohenzollernbruecke in Koeln zu sehen. Seit Silvester 2008 haben Paare hier ihre Liebe manifestiert und aller Welt kundgetan, indem sie ein Schloss mit ihren Namen an der Bruecke befestigt haben. Bei dem Schloesser-Trend handelt es sich um einen Brauch aus Italien. In Rom befindet sich eine alte Bruecke, die Milvische Bruecke, die ueber den Tiber fuehrt. Diese Bruecke ist ein regelrechter Wallfahrtsort fuer verliebte Paare. Dort werden Schloesser, auf denen die Namen des Paares eingraviert sind, an der Bruecke fest gekettet und der Schluessel wird in den Tiber geworfen. Dieser Brauch soll die Haltbarkeit der Liebe untersuetzen. (AP Photo/Roberto Pfeil) --Padlocks with the engraved names of lovers are fixed to the fence at the Hohenzollern Bridge in Cologne, western Germany, Thursday, April 23, 2009. In an old ritual, padlocks with lovers names on it are fixed at the Milvian bridge in Roma, Italy, and the keys are thrown into the Tiber river to symbolize endless love. (AP Photo/Roberto Pfeil)  (AP GraphicsBank)

An additional 750,000 people had their personal information stolen by hackers, state health officials said Monday after discovering that the thieves downloaded thousands more files of data than authorities initially believed.

Officials originally estimated that about 24,000 people had their records stolen after a computer tracked to Eastern Europe infiltrated a server beginning March 30, then changed that number to 182,000 victims.

Health officials now believe a total of nearly 900,000 people have had their personal data stolen.

[summary]

The information includes Social Security numbers, health department spokesman Tom Huduchko said at a news conference. Some files also contained information needed to verify Medicaid coverage, as well as names, addresses or other personal information, he added.

More On This...

The information was stolen from a new server at the health department, said Stephen Fletcher, executive director of the Department of Technology Services. Although the state has multiple layers of security on every server, a technician installed a password that wasn't as secure as needed.

Some of the data were for beneficiaries of Medicaid and a health care program for children from low-income families, department officials said last week. That would include children, whose lack of a credit report could make monitoring for identity theft difficult.

In all, the hackers downloaded about 224,000 files, some of which contained hundreds of records, Hudachko said.

[pullquote]

Since the data breach was discovered last week, state officials have revised the number of victims three times. The state has reviewed all the files stored on the breached server, and Fletcher said it was unlikely the number would increase again.

The state also checked other servers used by agencies and have not discovered other breaches.

Residents whose information was stolen will be alerted, with the priority going to those who had their Social Security numbers were taken, said Michael Hales, deputy director of the Health Department. The department is offering free credit monitoring for a year to those residents.

Hales said it was important for people to monitor their credit ratings and bank accounts for fraud.

Monitoring financial accounts and credit reports is an important first step, but identity theft victims should also alert the three credit bureaus about potential fraud, said Kirk Torgensen, a chief deputy with the Utah attorney general's office who specializes in identity theft.

Protecting children from identity theft can be more difficult, since they normally will not have a credit report, credit cards or bank accounts to monitor. To assist parents, the state was working with the credit bureau TransUnion to register a child's Social Security number and essentially freeze their credit until they are old enough to need it.

A state website allows fraud victims to file an affidavit that will reduce the amount of time -- sometimes hundreds of hours -- that identity theft victims have to spend fixing their credit.