The health department for the state of Illinois has confirmed a years-long security lapse that exposed the personal information of more than 700,000 state residents.
The Illinois Department of Human Services stated that an internal mapping website containing residents’ personal information was inadvertently publicly viewable. Officials used this site for assisting with the allocation of state resources. The lapse existed as far back as April 2021 and continued through September 2025, when it was discovered.
Officials said the exposed data included personal information on 672,616 individuals who are Medicaid and Medicare Savings Program recipients. This data included their addresses, case numbers, and demographic data, but not individuals’ names.
The exposed data also included information relating to 32,401 individuals receiving services from the department’s Division of Rehabilitation Services. This included their names, addresses, case statuses, and other details.
The department stated it was unable to determine if anyone had viewed the publicly exposed maps during the four years they were accessible on the web.