The health department for the U.S. state of Illinois has confirmed that a years-long security lapse exposed the personal information of more than 700,000 state residents.
The Illinois Department of Human Services (IDHS) said in a statement on January 2 that an internal mapping website containing residents’ personal information, which officials used for assisting with the allocation of state resources, was inadvertently publicly viewable as far back as April 2021 through September 2025, when the security lapse was discovered. Officials said the exposed data included personal information on 672,616 individuals who are Medicaid and Medicare Savings Program recipients. The data included their addresses, case numbers, and demographic data — but not individuals’ names.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US energy department, other agencies hit in global hacking spree
July 16, 2023
The U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software, officials said on Thursday. Data was “compromised” at two entities within the energy department when hackers gained access through a security flaw in MOVEit Transfer, the department said in a ...
- Commerce Secretary Gina Raimondo’s emails hacked in Microsoft cyber breach
July 13, 2023
Commerce Secretary Gina Raimondo’s emails were hacked as part of the Microsoft cyber breach, according to a source familiar with the investigation. Microsoft’s Outlook systems were breached by Chinese hackers, according to the company. The breach was discovered in May. Read more… Source: ABC News
- Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
July 12, 2023
In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data. CISA and the Federal ...
- Privacy activists slam EU-US pact on data sharing
July 11, 2023
The European Commission has announced a pact with the US to allow easier legal transfer of personal data across the Atlantic. Data privacy activists vowed to challenge the agreement in court. President Joe Biden and EU officials welcomed the deal, which overcame objections about US intelligence agencies’ access to European data. The deal ensures Meta, Google ...
- FBI worked with Ukraine intelligence agency to remove social media accounts
July 10, 2023
The FBI colluded with a Ukrainian intelligence agency in an effort to disrupt Russian disinformation campaigns by flagging social media accounts in a failed effort that ensnared a verified Russian-language U.S. State Department account and others, the House Judiciary Committee said in a report released Monday. The report said the FBI partnered with the SBU, one ...
- Florida patients among 11 million affected by HCA Healthcare data breach
July 10, 2023
Data on roughly 11 million HCA Healthcare patients in 20 states including Florida, was stolen and recently posted on an online forum, the hospital chain reported on Sunday. According to the company, an unauthorized party gained access to 27 million rows of data stored at an external location that is used to to automate company email ...