The health department for the U.S. state of Illinois has confirmed that a years-long security lapse exposed the personal information of more than 700,000 state residents.
The Illinois Department of Human Services (IDHS) said in a statement on January 2 that an internal mapping website containing residents’ personal information, which officials used for assisting with the allocation of state resources, was inadvertently publicly viewable as far back as April 2021 through September 2025, when the security lapse was discovered. Officials said the exposed data included personal information on 672,616 individuals who are Medicaid and Medicare Savings Program recipients. The data included their addresses, case numbers, and demographic data — but not individuals’ names.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Senators say US military is failing to secure its phones from foreign spies
December 4, 2024
Two U.S. senators are accusing the Department of Defense (DOD) of not doing enough to protect the communications of its military personnel, as the U.S. government contends with an ongoing Chinese hacking campaign targeting American phone and internet giants. The senators say the Department of Defense still relies too heavily on old-fashioned landline calls, and unencrypted ...
- NCA disrupts $multi-billion Russian money laundering networks with links to, drugs, ransomware and espionage, resulting in 84 arrests
December 4, 2024
An international NCA-led investigation – Operation Destabilise – has exposed and disrupted Russian money laundering networks supporting serious and organised crime around the world: spanning from the streets of the UK, to the Middle East, Russia, and South America. Investigators have identified two Russian-speaking networks collaborating at the heart of the criminal enterprise; Smart and TGR. ...
- Enhanced Visibility and Hardening Guidance for Communications Infrastructure
December 3, 2024
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) warn that People’s Republic of China (PRC)-affiliated threat actors compromised networks of major global telecommunications providers to ...
- No company too small for Phobos ransomware gang, indictment reveals
December 2, 2024
The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world. The government’s indictment against Ptitsyn should dispel any notion that ransomware gangs only target the largest, ...
- Exxon lobbyist investigated over hack-and-leak of environmentalist emails
November 27, 2024
The FBI has been investigating a longtime Exxon Mobil consultant over the contractor’s alleged role in a hack-and-leak operation that targeted hundreds of the oil company’s biggest critics, according to three people familiar with the matter. The operation involved mercenary hackers who successfully breached the email accounts of environmental activists and others, the sources told Reuters. ...
- Ransomware attack on Blue Yonder disrupts Starbucks, Sainsbury’s, Morrisons
November 27, 2024
Starbucks has confirmed that a ransomware attack on software supplier Blue Yonder has disrupted its internal systems for managing employee schedules and tracking work hours. The incident has primarily affected Starbucks’ North American operations, including approximately 11,000 stores across the United States and Canada. Starbucks says the cyberattack has compromised its ability to track baristas’ hours ...