INDIANAPOLIS — Indiana health officials said Tuesday they are notifying nearly 750,000 residents that a company improperly accessed personal data from the state’s online COVID-19 contact tracing survey.

The Indiana Department of Health said the state was notified July 2 that a company gained unauthorized access to data, including names, addresses, dates of birth, emails, and data on gender, ethnicity and race.

State Health Commissioner Kris Box said the state agency does not collect Social Security information for its COVID-19 contact tracing program, and no medical information was obtained.

“We believe the risk to Hoosiers whose information was accessed is low,” Box said in a news release.

Officials said the company involved signed a “certificate of destruction” last week with the state to confirm that it had destroyed the data and not released it to any other entity.

The Indiana Office of Technology and the state health department said they have corrected a software configuration issue involved in the unauthorized access. Both departments also requested the accessed records, and those were returned Aug. 4, according to the news release.

Officials did not identify the company involved, but Tracy Barnes, Indiana’s chief information officer, said it was a company “that intentionally looks for software vulnerabilities, then reaches out to seek business.”

“We have corrected the software configuration and will aggressively follow up to ensure no records were transferred,” Barnes said.

The health department said it will send letters to affected Hoosiers notifying them that the state will provide one year of free credit monitoring and is partnering with Experian to open a call center to answer questions from those affected.

The Indiana Office of Technology said it will also continue regular scans to ensure that the information was not transferred to another party.