The state will send out notices this week to people eligible to sign up for the credit monitoring, according to the Illinois Department of Innovation & Technology. Only people whose data was part of the breach will get the call center phone number, the state said.
The move comes in response to a late May attack by a global ransomware gang called CL0P that is thought to have exploited a vulnerability in the state’s MOVEit Transfer file-sharing software. The state estimates data for 390,000 people was affected.
The state will offer credit monitoring services for 12 months with Experian. It’s designed to provide identity theft detection, identity restoration and identity theft insurance for those whose data was compromised, according to the state.
There is no indication anyone’s compromised information has been used fraudulently, the state said in announcing the credit monitoring and call center.
Other victims of the May 31 attack included the BBC, British Airways and Nova Scotia’s government, according to The Associated Press.
The attack on Illinois’ computer systems was contained within three hours, according to the state.
The Department of Innovation & Technology “removed the hackers out of the state’s systems by securing the servers that were compromised and immediately implementing steps to protect against future attacks,” the state said.
Ransomware is malicious software that infects a computer system. Those behind ransomware then demand money to allow the system to work properly again or threaten to post sensitive information online if they don’t receive payment. A spokesperson with Gov. J.B. Pritzker’s office earlier this month said the hackers did not seek a ransom from the state.
This is not the first time Illinois state government has been hit by a ransomware group.
In early 2021, the state attorney general’s office was infiltrated by another Russian cybergang. That attack came after an audit warned that “weaknesses in cybersecurity” potentially left sensitive information on the agency’s computer network “susceptible to cyberattacks and unauthorized disclosure.”
© 2023 Chicago Tribune. Distributed by Tribune Content Agency, LLC.
