Cyber Incident Victim: Office of Illinois Attorney General Kwame Raoul
Date: Apr 2021
Location: United States of America
Summary
The Office of Illinois Attorney General Kwame Raoul was hit by a ransomware attack attributed to the DoppelPaymer gang, which stole residents' personal data and published it on its dark web leak site. The office refused to pay the ransom and instead allocated more than $2.5 million to rebuild the compromised systems, strengthen its security controls, and notify potentially affected individuals. With its systems offline, the office had to fall back on mail and telephone to conduct business. State legislators later approved an additional $8 million, primarily for recovery and for hardening defenses against future attacks. The full scope of the compromised data remained undetermined during the initial response.
Description
On April 21, 2021, a ransomware attack compromised the Office of Illinois Attorney General Kwame Raoul and resulted in the theft of several gigabytes of files. The stolen data was subsequently posted to Dopple Leaks, the dark web site on which the DoppelPaymer ransomware gang publishes data stolen from its victims. The breach exposed the personal information of an undetermined number of Illinois residents; the specific types of data compromised were not publicly disclosed. Federal authorities had identified cybersecurity deficiencies within the office before the attack, though the nature of those weaknesses was not detailed in public reports. As required by state breach notification law, the attorney general's office issued a public notice acknowledging the breach while stating that officials did not yet know the full scope of the stolen data.

In response, the office allocated more than $2.5 million to rebuild its computer systems, restore online operations, and notify potentially affected residents. Operations remained largely offline for an extended period, forcing staff to rely on mail and telephone. Attorney General Raoul publicly confirmed that he had refused to pay the ransom, citing a policy of not negotiating with cybercriminals. State legislators later granted the office an $8 million budget increase, primarily earmarked for recovery and for strengthening its cybersecurity defenses. No evidence emerged that resident data was misused following the breach, though the prolonged operational disruption underscored the attack's severity. The office continued working to restore full functionality while managing public notifications about the compromised information.
