Officials in Montana said Tuesday that they are notifying more than a million individuals that their personal information may have been compromised after it was recently discovered that a state health department server was hacked.

From Reuters:

A data security breach of Montana’s state health records has compromised the Social Security numbers and other personal information of some 1.3 million people, but the full extent of damage from the intrusion is unclear, state officials said on Tuesday.

Hackers of unknown origin gained access in May to a computer server tied to the Montana Department of Public Health and Human Services, exposing sensitive or confidential information of current and former medical patients, health agency employees and contractors.

Individuals whose personal information was exposed are being offered free credit monitoring, though investigators do not know whether the breach resulted in any actual identity theft, department Director Richard Opper said.

Agency officials first became aware of the unauthorized access to one of its servers in mid-May when they noticed suspicious activity. The agency said it immediately shut down the server and notified law enforcement as soon as the activity was discovered.

An independent investigation was conducted and on May 22nd it was determined that the server had been hacked, according to a news release from the Montana DPHHS.

The investigation revealed that the unauthorized access actually occurred in July 2013, according to a news report last month from KPAX.com.

While there were many months in between when the unauthorized access first occurred and when it was finally noticed, officials say in the Montana DPHHS news release that there has been nothing so far to indicate that anyone’s personal information has been used or accessed.

“Out of an abundance of caution, we are notifying those whose personal information could have been on the server,” said DPHHS Director Richard Opper. “Again, we have no reports, nor do we have any evidence that anyone’s information was used in any way, or even accessed.”

The agency has been reviewing its files and determining the individuals to be notified. The files included people who were signed up for various public services through the DPHHS, as well as birth and death records, and the records of some employees and contractors. Information that was stored on the impacted server is different for each individual but could have included “names, addresses, dates of birth, Social Security numbers, bank account information and dates of service.”

The agency announced on Tuesday that it was notifying all those potentially affected and would be offering free credit monitoring and identity protection insurance. This includes both current and former residents of the state, and in some instances, the estates of deceased individuals (hence, why the number is more than live in the state), the agency’s news release stated.

[Featured image: KPAX.com video]