Illinois Department of Public Health announces major breach that impacted 126k individuals
The Illinois Department of Public Health said it suffered a significant data breach that compromised the sensitive personal information of around 126,000 individuals.The Illinois Department of Healthcare and Family Services (HFS) and the Illinois Department of Human Services (IDHS) said in May that on March 13th, it identified suspicious user accounts created within the Application for Benefits Eligibility (ABE) system.The ABE system is used to determine an individual’s eligibility to receive state-funded medical benefits programmes (Medicaid), the Supplemental Nutrition Assistance Programme (SNAP), and Temporary Assistance for Needy Families (TANF). The Manage My Case (MMC) portal within ABE enables departments’ customers to see their case history and benefit details, as well as change account and benefits information.“These suspicious accounts were able to link to existing customer MMC accounts by providing the customer’s date of birth and Individual ID or Social Security Number, and then correctly answering several identity proofing questions,” HFS said.According to the department, threat actors stole the sensitive personal information of individuals elsewhere and then used the same to access customers’ MMC accounts.The compromised information included clients’ names, addresses, phone numbers, dates of birth, recipient identification numbers, individual IDs, Case IDs, Social Security Numbers, benefits applied for and received, and income information.In a recent filing with the U.S. Department of Health and Human Services Office, Illinois Department of Public Health said that the recent security incident affected at least 126,000 individuals.The departments have already notified all affected individuals, the members of the Illinois General Assembly, and the Office of the Illinois Attorney General on May 12th about the data security incident.The Illinois Department of Healthcare and Family Services and the Illinois Department of Human Services have set up a dedicated phone line for affected individuals to help them and answer any questions about the security incident. Affected individuals can also contact consumer reporting agencies to place a free fraud alert or security freeze on their accounts.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Securing the AI-Driven WorldSponsored by Checkpoint
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543