- IDHS accidentally exposed sensitive data of 700,000 people via publicly available cards
- Data included addresses, case details and medical care plan information
- Access limited in September 2025; affected persons notified, but no credit monitoring is offered
The Illinois Department of Human Services (IDHS) maintained a database on the open internet and exposed sensitive data from 700,000 people to anyone who found it.
In a news release posted on the agency’s website in early January, it said the IDHS Division of Family and Community Services’ Bureau of Planning and Evaluation, a department that helps plan programs for low-income and vulnerable families, created maps to help with resource allocation decisions.
The maps were created to help IDHS “determine where to open new local offices and were intended for internal IDHS use only”. But these maps were posted on clearweb, and were thus available to all visitors.
Not used (yet)
The people affected by this incident can be divided into two categories, IDHS explained: about 32,000 customers of the Division of Rehabilitation Services and more than 670,000 beneficiaries of Medicaid and the Medicare Savings Program.
For the first group, IDHS disclosed the names, addresses, case numbers, case status, referral source information, region and office information, and status of DRS recipients.
Second, exposed information includes addresses, case numbers, demographic information, and the name of medical assistance plans (such as Medicaid, Medicare, etc.). Anyone who thinks they may be affected should be alert to identity theft and fraud.
Due to the way these cards were set up and the data they exposed, it is impossible to determine who viewed them and whether any malicious actors exfiltrated the information contained within. However, the IDHS claims it has seen no evidence of attempted abuse.
The flaw was discovered in late September 2025, and the agency responded by restricting access to only authorized employees. It is now notifying affected people and has set up a toll-free number where customers can call for further enquiries.
There was no mention yet of identity theft or credit monitoring services, although these are standard practice in these kinds of situations.
Via The record
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
