Officials at the Louisiana Department of Health and Hospitals this week confirmed that a hacker last month managed to break into a database storing the personal information of more than 56,000 emergency medical technicians and EMT students.
The breach, which is thought to have occurred on Sept. 17, was first discovered by employees with the state's Bureau of Emergency Medical Services after they were mocked by a message on their computer screens that read "You have been hacked."
According to Baton Rouge, Louisiana-based The Advocate the data compromised included names and Social Security numbers of people who either applied for classes or were certified as first responders or EMTs in Louisiana.
The hackers evidently managed to infiltrate the database through an unsecured website used by authorized instructors and other personnel throughout the state.
At this stage in the investigation, none of the EMTs and students in the database has reported that their information was used for nefarious purposes.
"Although we have no indication that information was actually released, we know that it was accessed," Tony Keck, deputy secretary at the DHH, said in a statement.
The DHH is in the process of sending out letters to all affected individuals and implemented new security policies, including stronger passwords, to help guard against future breaches. Local law enforcement and the Louisiana attorney general's office are teaming up on an investigation into the security breach.
State agencies, such as the DHH were ranked as the fourth-most dangerous place for consumers to leave or share their Social Security numbers, according to a recent report by security software vendor McAfee (NYSE: MFE).
Just last month, more than 3,000 members of the Mississippi National Guard were given the unpleasant news that their most sensitive information was exposed after an employee accidentally posted the data on the brigade's Microsoft SharePoint website.
High-profile breaches exposing military personnel and first responders' personal data have become commonplace in recent years as hackers seek out large volumes of personal information that can be accessed in one attack and often go unnoticed for weeks or months at a time.
Keep up-to-date on database security; follow eSecurityPlanet on Twitter @eSecurityP.