A Long Time in the Dark: Illinois' Data Leak

The Incident

• What Happened?
• The Illinois Department of Human Services accidentally published private health information on a public website.

• The data was exposed for over three years before being noticed.

• Who Was Affected?
• Hundreds of thousands of people, including:
• Individuals receiving disability support.
• Participants in Medicaid and Medicare programs.
• Exposed Information:
• Names
• Addresses

• Case details

• Why Did It Happen?
• Incorrect privacy settings allowed public access to sensitive data.

The Response

• Discovery & Fix:
• The breach was detected in September 2025.

• The agency fixed the settings immediately.

• Delay in Notification:
• The public was not informed for over three months.
• Federal rules require notification within 60 days.

Questions & Concerns

• Why Was the Breach Unnoticed for So Long?
• Why the Delay in Informing the Public?
• The agency did not provide clear answers, only stating they were sorry and would improve.

The Bigger Issue

• Trust & Security:
• People rely on these programs for critical support.
• Such breaches undermine trust in government services.