WEST HAVEN — When the Utah Health Department sent out official notification to more than 270,000 people that a computer breach exposed their Social Security numbers to theft, the letter itself raised concerns.
The worry came when the theft victims called an information hotline listed in the letter offering to answer any questions surrounding the security breach. The first question was startling:
“They need your Social Security number to see if you are one of those which has been compromised, but if we’re not why are we getting the letter,” said Jack Weir.
“Nowadays, there are so many scams and things that go on that we did question it,” said his wife, JoAnne Weir.
The letter contains no signature, but there is a state seal. State officials Tuesday confirmed the letter is legitimate.
“The letter is official notification from the state of Utah that your Social Security number was included in the information that was stolen off the service,” Utah Department of Health spokesman Tom Hudachko said. The letter doesn’t mean that a person’s credit was accessed illegally or that it’s been used inappropriately, he said.
The data attack occurred after hackers on March 30 illegally gained access to a Utah Department of Technology Services computer server that stores Medicaid and CHIP data claims. State officials detected the security breach on April 2 and shut down the server.
The department sent out 273,000 letters to let people know that they qualify for a year of free credit monitoring service. The letter gives them an activation code for credit monitoring. People can call the credit monitoring company and speak to a representative, or go to the URL provided in the letter and enter the code online to activate the service.
The letter states that those with additional questions may call the information hotline to see if their Social Security number was compromised. But Hudachko acknowledged that those who received the letter do not need to call the hotline.
“We understand that people supply their personal information to the state with the assumption that the information is going to be protected and kept secure, and we failed to do that in this case,” Hudachko said.
He said the state is offering the credit monitoring service, which is stated in the letter.
Contributing: Peter Samore