The Illinois Department of Human Services unintentionally exposed personal information of over 700,000 residents on the internet for up to four years. This breach involved protected health information related to disabled customers and Medicaid/Medicare recipients, with no known misuse reported. #IDHS #DataBreach #HIPAA #PhishingAttack
Keypoints
- The IDHS publicly posted personal data of disabled customers and Medicaid recipients online.
- The data remained accessible from April 2021 to September 2025 for some users.
- The breach was linked to an accidental posting on a mapping website used for resource planning.
- Agency officials have banned the public sharing of customer-level data on mapping platforms.
- In December 2024, a separate phishing attack compromised 1.1 million residentsβ data.
Read More: https://therecord.media/illinois-agency-exposed-data