The Illinois State Police are notifying about 2,000 Illinoisans with Firearm Owners Identification cards that their personal information may have been compromised in a hack of the agency’s Police FOID card portal.
The backlog-plagued system was hit with a cyberattack, ISP confirmed yesterday.
“Out of necessity, some of the online account parameters put in place for ease of use and convenience years ago have been appropriately modified and tightened to prevent unauthorized users from attempting to further expand the extent of the identify fraud,” the police agency reported.
Illinois State Police officials said the information of about 2,000 FOID cardholders, or about .0008% of the total number of FOID cardholders in the state, may have been accessed in the attempted hack. Those people will be contacted, the agency said in a news release.
Cybersecurity consultant John Bambenek said the hack raises not just concerns about cybersecurity, but also physical security.
“I’d rather there not be a database somewhere of gun owners and their addresses,” Bambenek said. “It doesn’t take that much imagination to figure out how that information can be used in ways that increase the risk to those persons.”
Bambenek said the hack is the latest in a string of attacks targeting government cyber infrastructure and officials should take steps to beef up security. But, he said it appeared the agency caught the hack early.
“It sounds like they’ve done their research, there’s specificity in the report,” Bambenek said. “They’ve taken some proactive measures.”
Illinois State Police officials said in response to the hack, they are “restricting the use and access of personal information that FOID card applicants submit in their online FOID account that could match Illinois resident personal identification information unlawfully obtained from any number of previous cyber breaches,” according to a news release.
The hack follows other recent cyberattacks on state government agencies like the Illinois Attorney General’s office and the Illinois Department of Employment Security, something Bambenek said must be a wake-up call to all levels of government.
“Breaches happen and attacks happen, but the government needs to continue to operate,” Bambenek said. “The Attorney General of the state of Illinois can’t take six months off doing the job. So, they need to have plans on how to respond and recover from these incidents in a reasonable timeframe.”
Comments