Illinois Department of Human Services leaks data of 700,000 people
The Illinois Department of Human Services (IDHS) reports a data leak affecting over 700,000 residents.
The incident occurred because staff used mapping tools with incorrect privacy settings for internal planning. These maps helped the agency decide where to open new offices and place resources but inadvertently left sensitive patient data open to the public internet for several years.
The exposure began as early as April 2021 and remained active until September 2025. Because the agency used public-facing mapping platforms, the data was potentially indexable by search engines and was accessible to anyone with the specific URL. IDHS officials stated they cannot determine if unauthorized parties viewed or downloaded the information during the four-year window.
The exposed data included:
- Full names (for DRS recipients)
- Home addresses
- Case numbers and current case status
- Referral source information
- Demographic data
- Names of medical assistance plans
- Regional and office identifiers
Approximately 32,401 individuals enrolled in the Division of Rehabilitation Services (DRS) had their information exposed starting in April 2021. A much larger group of 672,616 Medicaid and Medicare Savings Program recipients had their data visible from January 2022 through September 2025.
IDHS discovered the misconfiguration on September 22, 2025, and locked down the affected maps. IDHS is notifying all affected individuals by mail in compliance. It's not clear if any credit monitoring or protection will be provided.