CHICAGO — The Illinois Department of Human Services (IDHS) announced Friday that it suffered a privacy breach earlier this year, which exposed the information of thousands of customers.
According to the IDHS, the incident occurred on April 25 after an outside entity, through a phishing campaign, was able to gain access to the accounts of several employees and the files associated with the accounts, which included the Social Security numbers (SSN) of 4,701 customers and three employees.
Alongside the Social Security numbers, public assistance account information for 1,118,993 customers, which did not include any SSNs, was also accessed.
The public assistance account information included names, public assistance account numbers, and some combination of addresses, dates of birth, Illinois State Board of Education Student Information System ID numbers, Recipient Identification Numbers and cell phone numbers.
IDHS notified the Illinois Department of Innovation and Technology (DoIT) about the breach on May 3, and determined that it was a reportable breach of security under the Personal Information Protection Act (PIPA).