The Illinois Department of Human Services accidentally exposed the personal and health data of nearly 700,000 residents due to misconfigured privacy settings on mapping websites. This incident highlights the importance of strict data access controls and ongoing security reviews for sensitive information. #IDHSDataBreach #PrivacySettings
Keypoints
- The IDHS accidentally made internal maps publicly viewable for years due to privacy misconfiguration.
- Approximately 672,616 Medicaid and Medicare recipients had their sensitive data exposed from January 2022 to September 2025.
- A smaller group of 32,401 disability services customers also had their data inadvertently made public.
- The agency restricted map access and reviewed exposed data after discovering the breach in September 2025.
- The incident follows a previous breach in December 2024 involving over a million affected individuals.