The health department for the state of Illinois in the US has confirmed that years of security breaches exposed the personal information of more than 700,000 of its citizens.
The Illinois Department of Human Services (IDHS) said statement on January 2 that an internal mapping website containing citizens’ personal information, which officials use to help allocate state resources, was inadvertently made publicly available from April 2021 to September 2025, when the security was discovered.
Officials said the exposed data included personal information about 672,616 individuals who were Medicaid and Medicare Savings Program recipients. The data includes addresses, case numbers, and demographic data – but not individual names.
The exposed data also included names, addresses, case status and other information related to 32,401 individuals who received services from the department’s Division of Rehabilitation Services.
IDHS said it could not determine whether anyone had viewed the publicly accessible map during the four years it was accessible on the web.