.png)
Illinois Dept. Of Human Services Data Breach: 705k Affected
Illinois Department of Human Services recently experienced a data breach that affected a reported 705,017 individuals across the United States. The breach, which occurred between April 2023 and September 2025, was discovered on Sept. 22, 2025.
According to disclosures, the incident involved a distributed denial-of-service (DDoS) attack claimed by the group Red Wolf Cyber. The group targeted the Illinois Department of Human Services (IDHS) website, leading to service downtime and exposure of sensitive information.
The information exposed in this breach included names, addresses, case numbers, case status, referral source information, region and office name, and status as a Division of Rehabilitation Services (DRS) recipient. While the data set did not include Social Security numbers or financial account information, it did contain personally identifiable information (PII) and certain protected health information (PHI) related to individuals’ interactions with IDHS services.
The breach was first disclosed publicly on the dark web by Red Wolf Cyber on Sept. 28, 2025, with proof of service disruption provided.
The U.S. Department of Health and Human Services was officially notified on Jan. 9, 2026. IDHS also posted a public notice on its website.
Illinois Department of Human Services' response
Following the discovery of the breach, Illinois Department of Human Services took steps to address the incident and inform those affected. The agency published a public notice and provided information about the breach on its website.
Given the nature of the data exposed, those affected should remain vigilant for suspicious communications, including phishing attempts or fraudulent requests for additional information. It is advisable to monitor any accounts associated with IDHS services and report unusual activity immediately.
Since the breach involved a DDoS attack and not a direct compromise of internal databases, financial data and Social Security numbers were not part of the exposed information. However, the exposure of case-related PII and PHI can still have serious privacy implications.
For further support or questions, individuals can contact the IDHS help line at 1-800-843-6154.
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info- Affected information types not yet disclosed
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
What to Read Next
Subscribe to our weekly class actions newsletter.
.svg)