**ILLINOIS DEPARTMENT OF HUMAN SERVICES SUFFERS MASSIVE DATA BREACH AFFECTING OVER 700,000 RESIDENTS**
Chicago, IL - In a shocking revelation, the Illinois Department of Human Services (IDHS) has disclosed that it suffered a massive data breach that impacted nearly 700,000 residents. The breach occurred due to incorrect privacy settings on internal maps, which were meant for planning purposes but ended up being publicly accessible.
The incident came to light on September 22, 2025, when IDHS discovered that the maps created by the Division of Family and Community Services' Bureau of Planning and Evaluation on a mapping website had been publicly viewable due to misconfigured privacy settings. These maps were intended for internal use only and were meant to assist IDHS with resource allocation decisions such as determining where to open new local offices.
Unfortunately, the breach had far-reaching consequences. Approximately 32,401 customers of the Division of Rehabilitation Services (DRS) had sensitive details exposed from April 2021 to September 2025, including names, addresses, case numbers, referral sources, and recipient status. In addition, 672,616 Medicaid and Medicare Savings Program recipients had their addresses, case numbers, demographics, and plan names exposed from January 2022 to September 2025, although no names were included in this subset.
Upon discovering the breach, IDHS immediately took corrective action by restricting access to authorized employees and conducting a thorough review of the data. The department has since implemented a new Secure Map Policy that prohibits uploading identifiable customer information to public mapping sites and limits access to maps based on role.
IDHS is currently notifying affected individuals and regulatory authorities about the breach. Those impacted will receive notices with toll-free numbers and information on fraud alerts and security freezes available through credit agencies and the Federal Trade Commission (FTC). This is not the first security incident at IDHS: in December 2024, threat actors used phishing to hack employee accounts, exposing personal data of over 1.1 million people.
The breach highlights the importance of robust security measures and regular reviews to prevent similar incidents from occurring in the future. As we continue to navigate the complexities of digital information sharing, it is imperative that organizations prioritize data protection and take proactive steps to safeguard sensitive information.