TZUTC: -0500
MSGID: 1936.consprcy@1:2320/105 2dc65d50
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Personal data on over 700,000 exposed by Illinois government agency

Date:
Thu, 08 Jan 2026 20:50:00 +0000

Description:
A human mistake resulted in a major data leak in late September 2025.

FULL STORY

The Illinois Department of Human Services (IDHS) kept a database on the open
internet, exposing sensitive data of 700,000 people to anyone who found it. 

In a press release published on the agencys website in early January, it was
said that the IDHS Division of Family and Community Services Bureau of
Planning and Evaluation, a division that helps plan programs for low-income
and vulnerable families, created maps that were supposed to help with 
resource allocation decisions. 

The maps were created to help IDHS determine where to open new local offices
and were intended for internal IDHS use only. But, these maps were posted on
the clearweb, and were thus accessible to all visitors.

Not exploited (yet) 

The individuals affected by this incident can be split into two categories,
IDHS explained: around 32,000 customers of the Division of Rehabilitation
Services, and more than 670,000 Medicaid and Medicare Savings Program
recipients. 

For the first group, IDHS exposed names, addresses, case numbers, case 
status, referral source information, region and office information, and 
status as DRS recipients. 

For the second one, exposed information includes addresses, case numbers,
demographic information, and the name of medical assistance plans (such as
Medicaid, Medicare, etc.). Anyone who believes they might be affected should
be wary of identity theft and fraud. 

Because of the way these maps were set up, and the data exposed, it is
impossible to determine who viewed them and if any malicious actors
exfiltrated the information found inside. However, IDHS claims it has seen no
evidence of attempted misuse. 

The mistake was spotted in late September 2025, and the agency responded by
restricting access to authorized employees only. It is now notifying affected
individuals and has set up a free number where customers can call for
additional inquiries. 

There was no word on any identity theft or credit monitoring services as of
yet, although these are standard practice in these kinds of situations. 

 Via The Record 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/personal-data-on-over-700-000-exposed-b
y-illinois-government-agency

$$
--- SBBSecho 3.28-Linux
 * Origin: Capitol City Online (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 275 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12
SEEN-BY: 5075/35
PATH: 2320/105 229/426