SALT LAKE CITY (AP) — Utah lawmakers have agreed to spend $1 million to extend credit monitoring for victims of the huge state Medicaid data breach for another year.

Sheila Wash-McDonald, ombudsman for the Utah Department of Health, said the department also is using $300,000 to create a privacy and security office to strengthen data security procedures.

State officials announced in May 2012 that Eastern European hackers had used a weak password to break into a Children’s Health Insurance Program (CHIP) server and steal the Social Security numbers of about 280,000 people.

The hackers also gained less sensitive information on about 500,000 other people.

Utah’s chief technology officer resigned in the wake of the theft.

Walsh-McDonald said about 25 percent of the people with exposed Social Security numbers signed up for credit monitoring. The credit monitoring subscription will be extended automatically.