Breach reported by Illinois attorney general confirmed to be ransomware attack
A data breach reported by Attorney General Kwame Raoul’s office nearly three weeks ago was a ransomware attack, according to a Thursday, April 29, news release.
Raoul’s office has launched a new hotline to provide information to residents following the data breach first reported on April 10.
A Thursday, April 29, news release stated the office “continues to evaluate the full extent of the compromise,” including what specific data may have been compromised in the breach.
“While we do not yet know with certainty what was compromised in the ransomware attack, we are working closely with federal law enforcement authorities and outside technology experts to determine what information was exposed, how this happened, and what we can do to ensure that such a compromise does not happen again,” Raoul said in the release.
Raoul’s office stated that the purpose of the hotline is to allow residents who may have concerns about the breach to receive answers to their questions while the investigation is ongoing.
The hotline can be reached by calling 1-833-688-1949 between the hours of 8 a.m. and 5 p.m. Monday through Friday.
The Chicago Sun-Times reported Thursday, April 29 a ransomware group “potentially linked to Russia,” known as DoppelPaymer, had posted documents it had stolen from the Attorney General’s office over a period of two weeks.
Ransomware is a malicious software that collects the victim’s personal data and threatens to publish it unless a ransom is paid to the hacker.
A public notice on the Attorney General’s website said that leaked information could include sensitive personal information such as individuals’ names, addresses and social security numbers.
The notice stated that all information about the breach, including the exact extent of what information was stolen, will be made available at www.illinoisattorneygeneral.gov as it becomes available.
When asked about the data breach Friday, April 30, Gov. J.B. Pritzker said the ransomware breach was contained to the attorney general’s office only, and that no other state offices or agencies were affected.
“We have federal authorities that are involved here and helping to investigate. It’s become a law enforcement matter at this point,” Pritzker said.
Determining the extent of the breach
Prtizker said law enforcement agencies are working closely with the state’s Department of Information Technology to determine the extent of the breach and rectify the situation.
“Government systems and your personal systems are all in some ways under attack every day,” Pritzker added. “There are cybersecurity needs that people need to follow in their personal lives with their personal devices (or) their office business devices, and in government, we’re all trying to do that at the same time there are foreign actors as well as domestic hackers that are trying to get in.”
“It’s a constant battle but we have a pretty good team that’s fighting it, and I know the Attorney General’s Office is working very hard to reverse the damage that was done,” he said.
Capitol News Illinois is a nonprofit, nonpartisan news service covering state government and distributed to more than 400 newspapers statewide. It is funded primarily by the Illinois Press Foundation and the Robert R. McCormick Foundation.
This story was originally published April 2, 2021 at 9:00 AM.
BEHIND THE STORY
MOREWhat is Capitol News Illinois and why is the BND posting its articles?
Capitol News Illinois is a non-profit news service that provides coverage of Illinois state government to members of the Illinois Press Association. The Belleville News-Democrat is an IPA member. The BND posts articles from Capital News Illinois and The Associated Press to supplement our staff’s state affairs coverage, which focuses on Southern Illinois legislators and regional issues.
