ISP: Info from more than 2,000 FOID cardholders ‘possibly’ compromised
in hack
Send a link to a friend
 [August 07, 2021]
By Greg Bishop
(The Center Square) – The Illinois State
Police are notifying about 2,000 Illinoisans with Firearm Owners
Identification cards that their personal information may have been
compromised in a hack of the agency's Police FOID card portal.
The backlog-plagued system was hit with a cyberattack, ISP confirmed
Thursday.
“Out of necessity, some of the online account parameters put in place
for ease of use and convenience years ago have been appropriately
modified and tightened to prevent unauthorized users from attempting to
further expand the extent of the identify fraud,” the police agency
reported.
State Rep. Tim Butler, R-Springfield, said the thieves were looking for
additional personal information.
“They were using some data that had potentially been out there in other
hacks and they were trying to gather further information on someone's
identity,” Butler told WMAY Friday. “And no false FOID cards went out,
or anything like that.”
Illinois State Police officials said the information of about 2,000 FOID
cardholders, or about .0008% of the total number of FOID cardholders in
the state, may have been accessed in the attempted hack. Those people
will be contacted, the agency said in a news release.
Cybersecurity consultant John Bambenek said the hack raises not just
concerns about cybersecurity, but also physical security.
“I’d rather there not be a database somewhere of gun owners and their
addresses,” Bambenek said. “It doesn’t take that much imagination to
figure out how that information can be used in ways that increase the
risk to those persons.”
Bambenek said the hack is the latest in a string of attacks targeting
government cyber infrastructure and officials should take steps to beef
up security. But, he said it appeared the agency caught the hack early.
[to top of second column]
|
“It sounds like they’ve done their research, there’s specificity in the
report,” Bambenek said. “They’ve taken some proactive measures.”
Illinois State Police officials said in response to the hack, they are
“restricting the use and access of personal information that FOID card
applicants submit in their online FOID account that could match Illinois
resident personal identification information unlawfully obtained from
any number of previous cyber breaches,” according to a news release.
Butler said he’d rather the FOID card be done away with altogether,
calling it an impediment for people to be able to exercise their Second
Amendment rights, but if it’s required, state officials must make it
secure.
“I have a lot of logins where I use two-factor authentication,” Butler
said. “So I’m getting text on my cell phone, or I’m getting an email
directly to my email with an additional number that I have to plug in as
another safety factor and think that’s where we have to go with this
stuff.”
Agency officials said they continue working with other law enforcement
agencies to further investigate the origins of the hack.
The hack follows other recent cyberattacks on state government agencies
like the Illinois Attorney General’s office and the Illinois Department
of Employment Security, something Bambenek said must be a wake-up call
to all levels of government.
“Breaches happen and attacks happen, but government needs to continue to
operate,” Bambenek said. “The Attorney General of the state of Illinois
can’t take six months off doing the job. So, they need to have plans on
how to respond and recover from these incidents in a reasonable
timeframe.”
 |
