Cyber Incident Victim: Illinois Department of Human Services

Date: 2025

Location: United States of America

Summary

A data breach at the Illinois Department of Human Services exposed sensitive information of approximately 700,000 individuals through a publicly accessible mapping website. The incident compromised personal details of 32,000 Division of Rehabilitation Services customers, including names, addresses, case numbers, and referral sources, while roughly 672,000 Medicaid and Medicare Savings Program recipients had addresses, case numbers, demographic data, and medical assistance plans exposed—though names were not included in the latter group. The agency confirmed the information was inadvertently available for several years, but it remains unclear whether unauthorized parties accessed the data during that period.

Description

The Illinois Department of Human Services (IDHS) disclosed a data breach impacting approximately 700,000 individuals, stemming from a publicly accessible mapping website. The exposure occurred between 2021/2022 and 2025, though the exact discovery timeline and remediation actions were not detailed in public reports. The breach affected two distinct groups: 32,000 Division of Rehabilitation Services (DRS) customers and approximately 672,000 Medicaid and Medicare Savings Program recipients. For DRS customers, compromised data included names, addresses, case numbers, case status details, referral source information, and region-specific data. Medicaid/Medicare recipients had addresses, case numbers, demographic information, and medical assistance plan details exposed, though their names were not included in the leaked dataset. IDHS did not confirm whether unauthorized parties accessed the information during the exposure window.

The incident represented a significant exposure of sensitive health and social service data, with potential implications for identity theft and fraud given the combination of personal identifiers and case-specific details. For DRS customers, the inclusion of names alongside case status and referral information created risks of targeted social engineering or discrimination. Medicaid/Medicare recipients faced exposure of medical assistance enrollment details tied to addresses and demographic profiles, potentially revealing health program participation without direct name linkage. No technical details regarding the mapping platform's architecture or the mechanism enabling public access were disclosed. IDHS provided no information about containment procedures, forensic investigations, or post-breach notifications beyond the initial disclosure acknowledging the incident's scope and duration.
