The data theft has been first discovered last week, and it was initially thought that the SS numbers of only 24,000 people were compromised.
Unfortunately, as the investigation in the matter continued, the huge final numbers were revealed and confirmed by the Utah Department of Health on Monday.
The people who had their information compromised are those who availed themselves of the services of Utah-based healthcare providers in the last four months. The "lucky" ones got only their names, addresses and dates of birth stolen by the criminals.
The affected individuals have been contacted by mail and warned to be careful about likely phishing attempts via phone or email. They have also been offered free credit monitoring for a year.
It seems that there have been no attempts of using the stolen information to fraudulently obtain loans or credit cards so far.
"The data breach initially occurred on Friday, March 30," explained the Utah Department of Health.
"A configuration error occurred at the password authentication level, allowing the hacker to circumvent DTS’s security system. DTS has processes in place to ensure the state’s data is secure, but this particular server was not configured according to normal procedure. DTS has identified where the breakdown occurred and has implemented new processes to ensure this type of breach will not happen again."
It is believed that the attackers are located in Eastern Europe.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.