The Illinois Department of Human Services (IDHS) has announced a significant privacy breach that compromised the personal information of over 1.1 million customers. The breach occurred on April 25, 2024, when a phishing attack targeted several IDHS employees, allowing the attackers to gain access to sensitive files. The exposed data included the Social Security numbers (SSNs) of 4,701 customers and three employees. Additionally, public assistance account details for 1,118,993 customers were also accessed, although this data did not include SSNs.
The compromised account information contained various personal details, such as names, public assistance account numbers, dates of birth, addresses, and contact information. The breach was quickly identified, and the IDHS notified the Illinois Department of Innovation and Technology (DoIT) on May 3, 2024. The department also determined that the incident met the criteria for a reportable breach under the state’s Personal Information Protection Act (PIPA).
In compliance with PIPA, the IDHS began notifying affected individuals. Affected customers received substitute notices, while 2,918 customers whose SSNs were compromised received written notifications. Additionally, 1,783 individuals whose addresses were not on file were notified through a media release and a website posting. This swift action aims to ensure that all affected individuals are aware of the breach and can take appropriate steps to protect their information.
In response to the breach, the IDHS has emphasized its commitment to preventing future incidents. The department has implemented enhanced employee training to help staff recognize and report phishing attempts. This breach serves as a reminder of the ongoing threats to sensitive personal data and highlights the importance of continuous cybersecurity measures to safeguard public information.
Reference:
