The Illinois Division of Human Companies (IDHS), certainly one of Illinois’ largest state businesses, by chance uncovered the private and well being knowledge of almost 700,000 residents on account of incorrect privateness settings.
The company found the data breach on September 22 when it discovered that maps created by the IDHS Division of Household and Group Companies for useful resource allocation choices have been publicly viewable on a mapping web site on account of misconfigured privateness controls.
These maps, supposed for inside use to information choices comparable to workplace placement, remained accessible on-line for years earlier than the difficulty was found final yr.
The ensuing data breach affected two teams of Illinois residents. Roughly 672,616 Medicaid and Medicare Financial savings Program recipients had their addresses, case numbers, demographic particulars, and medical help plan names uncovered on-line from January 2022 via September 2025, however their names weren’t included.
One other, smaller group of 32,401 Division of Rehabilitation Companies clients had info, together with names, addresses, case numbers, case standing, and referral sources, uncovered from April 2021 via September 2025.
“On September 22, 2025, IDHS found that maps created by the IDHS Division of Household and Group Companies’ Bureau of Planning and Analysis on a mapping web site have been publicly viewable on account of incorrect privateness settings,” the IDHS stated.
“The mapping web site was unable to determine who seen the maps. Up to now, IDHS is unaware of any precise or tried misuse of non-public info because of this incident.”
After discovering the incident, the IDHS restricted entry to the maps to approved workers, finishing the lockdown on September 26. The company has additionally carried out a overview of all uncovered maps and now blocks makes an attempt to add identifiable buyer info to public mapping platforms.
The company is notifying affected people as required by federal well being privateness regulation and has reported the incident to related regulatory authorities.
In December 2024, the IDHS disclosed one other data breach after attackers breached a number of worker accounts following a phishing assault and accessed the private info of 1,166,094 individuals.
Whether or not you are cleansing up outdated keys or setting guardrails for AI-generated code, this information helps your workforce construct securely from the beginning.
Get the cheat sheet and take the guesswork out of secrets and techniques administration.
