1. Forum
  2. FidoNet
  3. CONSPRCY

  • Personal data on over 700

    From Mike Powell@1:2320/105 to All on Fri Jan 9 10:33:20 2026
    Personal data on over 700,000 exposed by Illinois government agency

    Date:
    Thu, 08 Jan 2026 20:50:00 +0000

    Description:
    A human mistake resulted in a major data leak in late September 2025.

    FULL STORY

    The Illinois Department of Human Services (IDHS) kept a database on the open internet, exposing sensitive data of 700,000 people to anyone who found it.

    In a press release published on the agencys website in early January, it was said that the IDHS Division of Family and Community Services Bureau of
    Planning and Evaluation, a division that helps plan programs for low-income
    and vulnerable families, created maps that were supposed to help with
    resource allocation decisions.

    The maps were created to help IDHS determine where to open new local offices and were intended for internal IDHS use only. But, these maps were posted on the clearweb, and were thus accessible to all visitors.

    Not exploited (yet)

    The individuals affected by this incident can be split into two categories, IDHS explained: around 32,000 customers of the Division of Rehabilitation Services, and more than 670,000 Medicaid and Medicare Savings Program recipients.

    For the first group, IDHS exposed names, addresses, case numbers, case
    status, referral source information, region and office information, and
    status as DRS recipients.

    For the second one, exposed information includes addresses, case numbers, demographic information, and the name of medical assistance plans (such as Medicaid, Medicare, etc.). Anyone who believes they might be affected should
    be wary of identity theft and fraud.

    Because of the way these maps were set up, and the data exposed, it is impossible to determine who viewed them and if any malicious actors
    exfiltrated the information found inside. However, IDHS claims it has seen no evidence of attempted misuse.

    The mistake was spotted in late September 2025, and the agency responded by restricting access to authorized employees only. It is now notifying affected individuals and has set up a free number where customers can call for additional inquiries.

    There was no word on any identity theft or credit monitoring services as of yet, although these are standard practice in these kinds of situations.

    Via The Record

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/personal-data-on-over-700-000-exposed-b y-illinois-government-agency

    $$
    --- SBBSecho 3.28-Linux
    * Origin: Capitol City Online (1:2320/105)