Less sensitive personal data such as names, birth dates and addresses of another 500,000 people may have also been compromised in the breach, state officials said today.

Today's marks the second time in three days that Utah state officials have upped their estimates of a March 30 intrusion into a server containing Medicaid claims data on Utah residents.

According to the Utah Department of Technology Services (DTS) and the Utah Department of Health (UDOH), the breach stemmed from a configuration error at the user authentication layer. The error allowed attackers, believed to be operating out of Eastern Europe, to bypass the network, perimeter and application level security controls that were in place to protect the server.

Initially, state officials said the intrusion had . Each record could include Social Security Numbers, names, birth dates, addresses, tax identification numbers and treatment codes.

On Friday, the two organizations released saying forensics investigations showed the breach to be larger than initially thought. In addition to Medicaid data, the breached information included data about recipients of the state's Children's Health Insurance Plans (CHIP). And rather than 24,000 claims, the hackers had actually accessed 24,000 files, each one of which potentially contained personal data on hundreds of individuals.