The health department for the U.S. state of Illinois has confirmed that a years-long security lapse exposed the personal information of more than 700,000 state residents.
The Illinois Department of Human Services (IDHS) said in a statement on January 2 that an internal mapping website containing residents’ personal information, which officials used for assisting with the allocation of state resources, was inadvertently publicly viewable as far back as April 2021 through September 2025, when the security lapse was discovered. Officials said the exposed data included personal information on 672,616 individuals who are Medicaid and Medicare Savings Program recipients. The data included their addresses, case numbers, and demographic data — but not individuals’ names.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Four suspects cuffed, face extradition to US over tax refund scam plot
December 6, 2022
Four men suspected of plotting to commit wire fraud and identity theft have been arrested and now face extradition to America. It is alleged they conspired to break into US companies’ servers, steal people’s personally identifiable information (PII), use that info to file fraudulent tax returns to Uncle Sam, and collect victims’ tax refunds. In newly unsealed ...
- Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
November 28, 2022
Mandiant Managed Defense recently identified cyber espionage activity that heavily leverages USB devices as an initial infection vector and concentrates on the Philippines. Mandiant tracks this activity as UNC4191 and we assess it has a China nexus. UNC4191 operations have affected a range of public and private sector entities primarily in Southeast Asia and extending to ...
- US bans Huawei, ZTE equipment sales amid Chinese spying fears
November 27, 2022
The Biden administration has banned approvals of new telecommunications equipment from China’s Huawei Technologies and ZTE because they pose “an unacceptable risk” to US national security. The US Federal Communications Commission said on Friday it had adopted the final rules, which also bar the sale or import of equipment made by China’s surveillance equipment maker Dahua ...
- Iranian Hackers Installed Crypto Miner in Federal Agency After Exploiting Unpatched Log4Shell Vulnerability
November 25, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) said Iranian hackers breached a federal agency that failed to patch the Log4Shell vulnerability and deployed a crypto miner. The Log4Shell vulnerability (CVE-2021-44228) is a critical remote code execution flaw on Apache’s Log4j logging library popular with Java developers. The breach that occurred as early as February 2022 impacted ...
- Vice Society ransomware claims attack on Cincinnati State college
November 25, 2022
The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with the threat actors now leaking data allegedly stolen during the attack. The hackers posted a long list of documents on their Tor data leak site they claim was stolen from the college, indicating that a ransom was ...
- Meta links US military to fake social media influence campaigns
November 24, 2022
In its latest quarterly threat report, Meta said it had detected and disrupted influence operations originating in the US, and it calls out those it believes are responsible: the American military. Meta said it picked up on three major covert influence operations on its platforms in the third quarter of the year, the first of which ...