The names and addresses of thousands of patients of the Illinois Department of Human Services were incorrectly made publicly viewable for the last several years, the agency said Friday.
Several maps created to assist the agency with decisions — like where to open new offices and allocate certain resources — were made public through incorrect privacy settings between 2021 and 2025, the Department of Human Services said in a statement.
More than 32,000 customers with the IDHS division of rehabilitation services had information publicly viewable between April 2021 and September 2025. The information included names, addresses, case numbers, case status, referral source information, region and office information and status as Division of Rehabilitation Services recipients, the agency said.
Around 670,000 Medicaid and Medicare Savings Program recipients had their addresses, case numbers, demographic information and the name of medical assistance plans publicly viewable between January 2022 and September 2025, IDHS said.
The state agency said the mapping website was unable to identify who viewed the maps, and IDHS is unaware of any misuse of personal information resulting from the data leak.
IDHS discovered the issue Sept. 22 and immediately changed the privacy settings for all maps, restricting access to authorized IDHS employees, the agency said. It also implemented a secure map policy that prohibits uploading customer data to public mapping websites.
Individuals whose information was made public will receive a notice about the leak from IDHS. The notices will include a phone number that people can call for more information.
