CoreTechDaily

Illinois Agency Exposes Personal Data of Over 700,000 Individuals

A significant data breach occurred due to a mistake by the Illinois Department of Human Services, affecting over 700,000 individuals.

Published Jan 8, 2026
Tags:data breachIllinoisIDHSpersonal dataprivacy
Illinois Agency Exposes Personal Data of Over 700,000 Individuals
  • IDHS inadvertently revealed sensitive information of 700,000 individuals through publicly accessible maps
  • Data included addresses, case details, and medical assistance plan information
  • Access was restricted in September 2025; affected individuals were notified, but no credit monitoring was provided

The Illinois Department of Human Services (IDHS) mistakenly published a database on the open internet, exposing sensitive information of 700,000 individuals to anyone who accessed it.

In a press release issued in early January, IDHS stated that the Division of Family and Community Services’ Bureau of Planning and Evaluation had created maps intended to assist with resource allocation decisions for low-income and vulnerable families.

These maps were designed to help IDHS determine locations for new local offices and were meant for internal use only. However, they were made publicly accessible on the clearweb.

Not exploited (yet)

IDHS explained that the affected individuals fall into two categories: approximately 32,000 customers of the Division of Rehabilitation Services and over 670,000 recipients of Medicaid and Medicare Savings Programs.

For the first group, exposed data included names, addresses, case numbers, case status, referral source information, region and office details, and DRS recipient status.

The second group had their addresses, case numbers, demographic information, and names of medical assistance plans (such as Medicaid and Medicare) exposed. Individuals who believe they may be affected should be cautious of identity theft and fraud.

Due to the nature of the maps and the data exposed, it is impossible to ascertain who accessed them or if any malicious actors extracted the information. However, IDHS claims there is no evidence of attempted misuse.

The issue was identified in late September 2025, prompting the agency to limit access to authorized personnel only. They are now notifying affected individuals and have established a hotline for further inquiries.

As of now, there has been no mention of identity theft protection or credit monitoring services, which are typically offered in such situations.

Via The Record

Related Posts

Asus Launches NUC 16 Pro: Aiming for the Fastest Mini PC with Panther Lake Technology

Jan 10, 2026

Asus Launches NUC 16 Pro: Aiming for the Fastest Mini PC with Panther Lake Technology

The Panther Lake-based Asus NUC 16 Pro combines impressive integrated graphics with top-tier AI capabilities, targeting creators and developers.

Nvidia's Rubin DGX SuperPOD: A New Era of AI Computing with 28.8 Exaflops

Jan 9, 2026

Nvidia's Rubin DGX SuperPOD: A New Era of AI Computing with 28.8 Exaflops

Nvidia's Rubin DGX SuperPOD achieves 28.8 Exaflops using 576 GPUs, merging advanced compute, memory, and software to compete with Huawei's SuperPOD.

Acer Unveils Veriton RA100 Mini PC with Ryzen AI Max+ 395 for Creators

Jan 9, 2026

Acer Unveils Veriton RA100 Mini PC with Ryzen AI Max+ 395 for Creators

Acer targets creators and developers building and running local models with its Veriton RA100 Ryzen AI Max+ 395 mini PC.

FBI Warns of North Korean Hackers Exploiting QR Codes for Phishing Attacks

Jan 9, 2026

FBI Warns of North Korean Hackers Exploiting QR Codes for Phishing Attacks

Kimsuky's latest attacks can bypass email protections and MFA to steal M365 and VPN accounts.