In addition to the comprehensive audit, Gov. Gary Herbert wants a specific audit examining the handling of the server breach at the Utah Department of Technology Services, according to a statement on Wednesday.
"Individuals provide sensitive personal information to the government in a relationship of trust. It is tragic that not only data was breached, but now individual trust is also compromised….I am calling for an independent audit of all DTS security and data storage procedures and protocols", Herbert said.
"Our immediate priority is to protect those whose personal information has been exposed. Therefore, we will continue to work with law enforcement, including the FBI, to find the criminals responsible", he added.
The Utah Department of Health (UDOH) originally estimated that hackers had stolen social security numbers of 25,096 individuals from the DTS servers, but increased that number to 280,000 a few days later. Including victims who had personal information stolen but not social security numbers, the total number of individuals affected by the data breach is around 790,000.
The governor explained that the UDOH will work with the Utah Department of Administrative Services to secure the services of outside firms to conduct the comprehensive audit. Those firms will conduct a full-scale independent review of the state's data security environment to ensure state electronic records are “properly safeguarded”, he added.