Illinois officials have confirmed that a publicly accessible internal website exposed personal information linked to more than 700,000 state residents over a period of more than four years, after a security lapse went undetected until late 2025.
Internal Mapping Site Left Publicly Accessible
The Illinois Department of Human Services said in a statement issued January 2 that an internal mapping website used by officials to help allocate state resources was inadvertently accessible on the public internet from April 2021 through September 2025. The exposure was discovered in September, prompting the department to secure the site.
According to the department, the website contained maps populated with personal information tied to residents receiving services from multiple state programs.
Medicaid And Medicare Savings Program Data Exposed
IDHS said the exposed information included data related to 672,616 individuals enrolled in Medicaid and the Medicare Savings Program. The information shown on the maps included home addresses, case numbers, and demographic details. Officials said the data did not include the individuals’ names.
Rehabilitation Services Records Also Affected
The department said the same website also exposed personal information associated with 32,401 individuals receiving services through its Division of Rehabilitation Services. In those cases, the data included names, addresses, case statuses, and other service-related information.
Scope Of Access Remains Unclear
IDHS said it has not been able to determine whether any unauthorized parties viewed or accessed the maps during the period they were publicly available. The department did not provide details on how the site was discovered or what measures have been taken beyond restricting access.
Featured image credits: Pix4Free
For more stories like it, click the +Follow button at the top of this page to follow us.