Montana notifies 1.3 million residents of 11-month old data breach

The US state of Montana has just notified 1.3 million residents of a data breach in the state health department that took place in July 2013

The US state of Montana is notifying 1.3 million people of a data breach at the state health department in July 2013 that went undetected until May 2014.

On 22 May, an independent forensic investigation determined that the server had been hacked. The forensic investigation was ordered on 15 May when suspicious activity was first detected.

State officials said in a statement that, when the suspicious activity was discovered, agency officials shut down the server and contacted law enforcement.

The compromised server has been removed from the network and replaced with a new server containing scanned backup files, the statement said.

State officials said the health department had installed additional security software to better protect sensitive information on existing servers. They said the  department was reviewing existing policies and procedures to prevent similar breaches in the future.

The statement did not say why it took the health department nearly a year to discover the breach.

Although the population of Montana is only around one million, the state is notifying anyone who may have had personal data exposed, including former residents and families of deceased residents.

Information on the compromised server included names, addresses, birth dates, social security numbers, medical records, and birth and death certificates.

State officials say they do not believe hackers managed to extract any data, but have encouraged possible victims to sign up for a free credit monitoring service and identity fraud insurance.

Read more on Privacy and data protection