The Illinois Secretary of State’s office is alerting Illinois residents about a recent data breach that impacted the agency.
Last week, letters went out to roughly 50,000 Illinois residents about a "data security incident" that took place in early April.
According to the letter, an unknown person obtained access to the Lake County government's computer system and sent out a phishing e-mail to employees with the Illinois Secretary of State's office.
The letter states names as well as driver's licenses and Social Security numbers were possibly exposed. The agency is offering free credit monitoring to individuals who were impacted.
Additionally, the e-mail accounts of two Illinois Secretary of State employees were infiltrated.
In a statement to NBC 5 Responds, the Illinois Secretary of State's office clarified that while their e-mail system was infiltrated, none of the agency's databases, including those containing driver and vehicle records, were compromised.
The office added that they're strengthening their data security framework to protect against any future attacks.
NBC 5 Responds
Below is the full statement offered by the Illinois Secretary of State's office:
"We recently learned that an email from an official email account of a Lake County Government employee was sent to two Illinois Secretary of State employees, which was later determined to be part of a phishing attempt.
Feeling out of the loop? We'll catch you up on the Chicago news you need to know. Sign up for the weekly Chicago Catch-Up newsletter here.
The office’s Department of Information Technology and cyber security teams acted within hours to contain and mitigate the phishing incident and none of the agency’s databases, including those containing driver and vehicle records, were compromised.
The Secretary of State’s office takes these issues extremely seriously and has engaged multiple third-party cyber security experts to conduct a forensic audit to ascertain the origin of the unauthorized access, strengthen its data security framework against future attacks and implement additional security measures and oversight.
While the incident appeared to target the two individual employees, the office pro-actively notified all individuals whose information was potentially impacted and offered free credit monitoring services out of an abundance of caution and to alleviate any concerns related to the incident.
Since taking office, the Secretary of State has emphasized the need to overhaul its antiquated IT infrastructure and has made significant investments to enhance the protection of personal data through additional partnerships with cyber security providers and the expansion of our cyber security unit within our IT Department. This incident reinforces that continued commitment.
Despite the fact the incident originated from an official Lake County Government email account, the office fully understands the frustration, inconvenience and concern that accompanies such occurrences and appreciates the public’s patience."
