- IDHS accidentally exposed sensitive data of 700,000 people via publicly available cards
- Data included addresses, case details and medical assistance plan information
- Restricted access in September 2025; affected persons are informed, but no credit monitoring is offered
The Illinois Department of Human Services (IDHS) maintained a database on the open Internet, exposing the sensitive data of 700,000 people to anyone who found it.
In a press release posted on the agency’s website in early January, it was noted that the IDHS Division of Family and Community Services’ Office of Planning and Evaluation, a division that helps plan programs for low-income and vulnerable families, had created maps intended to assist with resource allocation decisions.
The maps were created to help IDHS “determine where to open new local offices and were intended for internal IDHS use only.” But these maps were published on Clearweb and were therefore accessible to all visitors.
Not (yet) exploited
Those affected by this incident can be divided into two categories, IDHS explained: approximately 32,000 clients of the Division of Rehabilitation Services and more than 670,000 beneficiaries of the Medicaid and Medicare Savings Programs.
For the first group, IDHS outlined names, addresses, case numbers, case status, referral source information, region and office information, and DRS recipient status.
For the second, the information exposed includes addresses, case numbers, demographic information, and the name of medical assistance plans (such as Medicaid, Medicare, etc.). Anyone who thinks they might be affected should be wary of identity theft and fraud.
Due to the way these maps were configured and the data exposed, it is impossible to determine who viewed them and whether malicious actors exfiltrated the information therein. However, IDHS says it has seen no evidence of attempted misuse.
The error was spotted in late September 2025 and the agency responded by limiting access to authorized employees only. It is now notifying those affected and has set up a toll-free number that customers can call with additional requests.
There is no news yet of identity theft or credit monitoring services, although this is a common practice in these kinds of situations.
Via The file
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
