Data Breach Affects Illinois Secretary Of State Office. Driver’s Licenses & Social Security Numbers Exposed


The office of the Illinois Secretary of State is alerting citizens to a recent data breach that affected the agency.

About 50,000 people in Illinois received letters last week informing them of a “data security incident” that happened in early April.

In the letter, it was stated that an unidentified person gained access to the computer system of the Lake County government and sent a phishing email to the secretary of state personnel in Illinois.

The letter indicates that names, driver’s licenses, and Social Security numbers may have been exposed. Those who are affected can get free credit monitoring from the agency.

Two employees of the Illinois Secretary of State also had their email accounts compromised.

The Illinois Secretary of State’s office explained to NBC 5 Responds that while their email system was compromised, none of the agency’s databases—including those containing driver and vehicle records—were affected.

In order to stop such attacks, the office also said that they are improving their data security procedures.

The entire statement from the office of the Illinois Secretary of State is below:

“We recently learned that an email from an official email account of a Lake County Government employee was sent to two Illinois Secretary of State employees, which was later determined to be part of a phishing attempt.

The office’s Department of Information Technology and cyber security teams acted within hours to contain and mitigate the phishing incident and none of the agency’s databases, including those containing driver and vehicle records, were compromised.

The Secretary of State’s office takes these issues extremely seriously and has engaged multiple third-party cyber security experts to conduct a forensic audit to ascertain the origin of the unauthorized access, strengthen its data security framework against future attacks and implement additional security measures and oversight.

While the incident appeared to target the two individual employees, the office pro-actively notified all individuals whose information was potentially impacted and offered free credit monitoring services out of an abundance of caution and to alleviate any concerns related to the incident.

Since taking office, the Secretary of State has emphasized the need to overhaul its antiquated IT infrastructure and has made significant investments to enhance the protection of personal data through additional partnerships with cyber security providers and the expansion of our cyber security unit within our IT Department. This incident reinforces that continued commitment.

Despite the fact the incident originated from an official Lake County Government email account, the office fully understands the frustration, inconvenience and concern that accompanies such occurrences and appreciates the public’s patience.”