Illinois health department exposed over 700,000 residents’ personal data for years

The Illinois Department of Human Services (IDHS) has revealed a significant security breach that has put the personal information of more than 700,000 residents at risk. In a statement issued on January 2, officials reported that a mapping website, utilized internally to help allocate state resources, was unintentionally accessible to the public for an extended period, from April 2021 until the breach was identified in September 2025. The compromised data primarily affects 672,616 individuals enrolled in Medicaid and the Medicare Savings Program. While sensitive information such as addresses, case numbers, and demographic details were exposed, the names of these individuals were not included. Additionally, the breach also involved 32,401 individuals receiving services from the Division of Rehabilitation Services, with personal details such as names, addresses, and case statuses being part of the exposed information. Despite the extensive exposure time, IDHS has stated that they cannot ascertain whether any unauthorized individuals accessed the data during this four-year window. This incident raises significant concerns regarding data security and the protection of personal information among state agencies.