The Indiana Department of Health will notify nearly 750,000 Hoosiers that data from the state’s COVID-19 online contact tracing survey was improperly accessed. The data included name, address, email, date of birth and demographic information collected during contact tracing.
The state will send letters to those affected by the breach and provide one year of free credit monitoring.
In a statement, State Health Commissioner Dr. Kris Box said the risks to those affected are low.
“We do not collect Social Security information as a part of our contact tracing program, and no medical information was obtained,” Box said in a statement.
READ MORE: How Is Indiana Distributing COVID-19 Vaccines? Here's What You Need To Know
Join the conversation and sign up for the Indiana Two-Way. Text "Indiana" to 73224. Your comments and questions in response to our weekly text help us find the answers you need on COVID-19 and other statewide issues.
State officials said in a statement the company that accessed the data looks for software vulnerabilities and then reaches out to drum up business. They said the software issue has been corrected, and the company told the state the data was not released to any other entity and was destroyed.
Contact Lauren at lchapman@wfyi.org or follow her on Twitter at @laurenechapman_.