Social Security Numbers of Over 1,80,000 Illinoisans Hacked by Threat Actors

As a result of the attack on Lutheran Social Services of Illinois (LSSI), hackers gained access to individual names, dates of birth, financial records, sensitive medical diagnosis and treatment information, Social Security numbers (SSNs), and more personal information.

On 27 January 2022, a non-profit social service provider in Illinois, Lutheran Social Services of Illinois (LSSI) stated that the organization was hit by a severe ransomware attack. After identifying the attack, they promptly disabled and isolated the affected systems. A thorough investigation was started immediately.

“After an extensive forensic investigation and comprehensive review of the data impacted, we determined the extent that the unauthorized party accessed certain files containing personal and health information that were maintained on the affected systems. The types of information potentially involved may include individual names, dates of birth, Social Security numbers, financial account information, driver’s license numbers, biometric information, medical diagnosis and treatment information, and health insurance information. We are notifying potentially affected individuals via mail,” said the LSSI officials.

According to a data breach notification sent to the Maine Attorney General, more than 1,84,000 people were affected by the cyberattack.

On January 25, 2023, almost a year after the nonprofit discovered its systems had been breached, LSSI sent letters to potentially affected users. There was no evidence that the stolen data had been used for identity theft or financial fraud, according to LSSI. Threat actors, on the other hand, can sit on stolen data for a while before selling it, or they can compile it into larger sets before selling it at a higher price.

“Involved individuals are encouraged to take steps to protect themselves against identity fraud, including placing a fraud alert/security freeze on their credit files, obtaining free credit reports, and remaining vigilant in reviewing financial account statements and credit reports for fraudulent or irregular activity on a regular basis,” suggested the officials.