Cyber Incident Victim: Illinois Department of Human Services
Date:
May 2023
Location:
United States of America
Summary
A data breach at the Illinois Department of Human Services exposed sensitive personal information of Medicaid, SNAP, and TANF beneficiaries through unauthorized accounts created in the state's benefits eligibility system. Attackers leveraged externally stolen personal data to access and link existing accounts within the Manage My Case portal, compromising names, Social Security numbers, addresses, phone numbers, income details, and recipient IDs. The departments disabled unauthorized access, notified affected individuals and state authorities, and established an assistance line while advising beneficiaries to utilize fraud alerts and identity theft resources. The incident underscores vulnerabilities in systems supporting critical public assistance programs.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 12, 2023, the Illinois Department of Healthcare and Family Services (HFS) and the Illinois Department of Human Services (IDHS) disclosed a data breach impacting the State of Illinois Application for Benefits Eligibility (ABE) system’s Manage My Case (MMC) portal. The ABE system determines eligibility for Medicaid, the Supplemental Nutrition Assistance Program (SNAP), and Temporary Assistance for Needy Families (TANF). Unauthorized actors created accounts within the ABE system and linked them to legitimate customer MMC accounts by exploiting personal information stolen from an external source. This unauthorized access exposed beneficiaries’ names, Social Security numbers, recipient identification numbers, addresses, phone numbers, and income information. The breach potentially affected all individuals who had applied for or were actively receiving benefits through the ABE portal, though the exact number of compromised accounts was not disclosed. The departments confirmed the breach involved external threat actors leveraging pre-stolen data rather than a direct compromise of the ABE system itself.
In response, HFS and IDHS implemented measures to halt further unauthorized access and secure the ABE system. They notified all potentially affected individuals, the Illinois General Assembly, and the Office of the Illinois Attorney General. A dedicated assistance phone line (1-877-657-0006) was established to address inquiries, remaining operational until August 14, 2023. The departments advised beneficiaries to contact consumer reporting agencies to place fraud alerts or security freezes on their accounts and directed them to the Federal Trade Commission’s identity theft resources. The incident underscored vulnerabilities in systems managing sensitive public benefit data, though no specific attacker motives or techniques were detailed. No evidence suggested misuse of the exposed data at the time of disclosure, but the breach carried significant risks of identity theft and financial fraud for vulnerable populations reliant on state assistance programs.