WANE reports:
The Indiana Department of Health announced Tuesday it is notifying nearly 750,000 Hoosiers that data from the state’s COVID-19 online contact tracing survey was improperly accessed back in July.
The data included name, address, email, gender, ethnicity and race, and date of birth.
“We believe the risk to Hoosiers whose information was accessed is low. We do not collect Social Security information as a part of our contact tracing program, and no medical information was obtained,” said State Health Commissioner Kris Box, M.D., FACOG. “We will provide appropriate protections for anyone impacted.”
The state was notified of the unauthorized access on July 2. Last week, the state and the company that accessed the data signed a “certificate of destruction” to confirm that the data was not released to any other entity and was destroyed by the company.
Read more on WANE.
Another news source described the incident as
the data was accessed by a company “that intentionally looks for software vulnerabilities, then reaches out to seek business.”
So this company downloaded data it seems (since they signed certificate of destruction).