State computer security breached

May 19, 2007

By Mike Ramsey, Gatehouse News Service

The state's professional-regulation department is notifying roughly 300,000 licensees and applicants that a computer server with some of their personal data was breached early this year, a spokeswoman for the agency said Friday.

Potentially at risk for identity theft are banking and real-estate professionals whose licensing information - including addresses, tax numbers and Social Security numbers - were kept on the storage server, said Sue Hofer, spokeswoman for the Illinois Department of Financial and Professional Regulation.

The individuals will receive letters advising them how to monitor their credit histories to determine if they have been victimized, she said, adding that it will take about a week to get all the letters out.

"We are doing everything we can to help the licensees protect themselves," Hofer said.

She said investigators have determined that the breach "looks like criminal conduct," and the hacking appears to have come from a source outside state government.

Department officials notified the Illinois State Police and FBI after they determined on May 3 that the computerized information had been compromised, probably in January, Hofer said.

She said authorities initially asked Gov. Rod Blagojevich's administration not to tell licensees about the breach so that the investigation would not be compromised. The administration also did not immediately inform members of the General Assembly at the request of authorities, Hofer said.

Spokespeople for the state police and FBI could not be reached Friday afternoon for comment.

Hofer said the information about the banking and real-estate licensees was six to 12 months old. She said the breached server did not contain credit-card information.

The suspected hacking of the state records follows several high-profile thefts of databases. Last month, two laptop computers containing information about 40,000 employees were stolen from Chicago Public Schools headquarters. Discount retailer T.J. Maxx disclosed earlier this year that credit-card data of customers had been compromised.

State law is somewhat open-ended about how soon a public or private body must notify individuals when their personal data has been stolen, said Deborah Hagan, the chief of consumer protection for Illinois Attorney General Lisa Madigan.

The law allows investigators to delay disclosure, she said.

"I think there has to be a balance in terms of getting this information out to affected persons as quickly as possible ... versus not interfering with an investigation which may result in catching the perpetrator," Hagan said.

Madigan's office offers instructions on combating identify theft at this Web address: www.illinois hotline.html. Consumers can also call a hot line - (888) 999-5630 - during business hours.

The state Department of Financial and Professional Regulation has information about the breach at

The 300,000 licensees affected by the incident include mortgage brokers, pawn-shop operators and real-estate agents, Hofer said. Her agency licenses a total of 1.2 million professionals in Illinois, she said.

main page ATTRITION feedback