Alaska notifying at least 500,000 residents about data security breach previously disclosed in June
Update: The state subsequently revised its estimate to 87,000 letters. How did it get the numbers so wrong — apart from the question of why it has taken so long to send out notifications? This does NOT inspire confidence in the state’s ability to protect ePHI and to notify people promptly in the event of an incident.
Chris Klint reports an update to an April attack previously disclosed in June. It turns out that this breach will result in 500,000-700,000 notification letters:
Hundreds of thousands of Alaskans may receive letters from the state this year, in the wake of a 2018 malware infection on a laptop containing personal data which may have had links to Russia.
Shawnda O’Brien, director of the state’s Division of Public Assistance, said the state hadn’t found any sign of a data breach from the April 26 computer virus which infected one of the division’s computers. However, she said the state was still sending from 500,000 to 700,000 letters to current or former participants in division programs.
“We don’t have any reason to believe their information was compromised, but because their information could have been compromised we had to let them know,” O’Brien said by phone Tuesday.
A copy of the Jan. 7 letter lays out the extent of information from the division’s eligibility database which may have been compromised due to “unauthorized access by unknown cyber attackers” between April 26 and April 30.
“Information contained in the database includes: names, Social Security numbers, dates of birth, addresses, health information, benefit information and other types of related information,” officials wrote.
Read more on KTVA.