The Illinois Department of Human Services (IDHS) has disclosed a major data breach that exposed the personal and health-related information of nearly 700,000 Illinois residents due to incorrect privacy settings on an online mapping platform.
IDHS is one of the largest state agencies in Illinois, providing healthcare and social services to millions.
According to the agency, the breach was discovered on September 22, 2025, when officials realized that internal maps created by the Division of Family and Community Services were publicly accessible online. The maps were intended for internal planning purposes, such as deciding office locations and resource distribution, but had remained visible to the public for several years because of misconfigured privacy controls.
The exposed data affected two groups. About 672,616 Medicaid and Medicare Savings Program recipients had information such as addresses, case numbers, demographic details, and medical assistance plan names exposed between January 2022 and September 2025, though names were not included.
A second group of 32,401 Division of Rehabilitation Services customers had more sensitive data exposed, including names, addresses, case status, and referral sources, dating back to April 2021.
IDHS said it cannot determine who accessed the data but noted that it is not aware of any misuse linked to the incident. After discovering the issue, the agency restricted access to the maps by September 26, reviewed all exposed content, and implemented controls to block identifiable customer data from being uploaded to public mapping services.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Affected individuals are being notified, and the breach has been reported to regulators as required by federal health privacy laws.
