By Mike Ramsey
GATEHOUSE NEWS SERVICE
May 19, 2007
CHICAGO - The state's professional-regulation department is notifying
roughly 300,000 licensees and applicants that a computer server with
some of their personal data was breached early this year, a spokeswoman
for the agency said Friday.
Potentially at risk for identity theft are banking and real-estate
professionals whose licensing information - including addresses, tax
numbers and Social Security numbers - were kept on the storage server,
said Sue Hofer, spokeswoman for the Illinois Department of Financial and
The individuals will receive letters advising them how to monitor their
credit histories to determine if they have been victimized, she said,
adding that it will take about a week to get all the letters out.
"We are doing everything we can to help the licensees protect
themselves," Hofer said.
She said investigators have determined that the breach "looks like
criminal conduct," and the hacking appears to have come from a source
outside state government.
Department officials notified the Illinois State Police and FBI after
they determined on May 3 that the computerized information had been
compromised, probably in January, Hofer said.
She said authorities initially asked Gov. Rod Blagojevich's
administration not to tell licensees about the breach so that the
investigation would not be compromised. The administration also did not
immediately inform members of the General Assembly at the request of
authorities, Hofer said.
Spokespeople for the state police and FBI could not be reached Friday
afternoon for comment.
Hofer said the information about the banking and real-estate licensees
was six to 12 months old. She said the breached server did not contain
The suspected hacking of the state records follows several high-profile
thefts of databases. Last month, two laptop computers containing
information about 40,000 employees were stolen from Chicago Public
Schools headquarters. Discount retailer T.J. Maxx disclosed earlier this
year that credit-card data of customers had been compromised.
State law is somewhat open-ended about how soon a public or private body
must notify individuals when their personal data has been stolen, said
Deborah Hagan, the chief of consumer protection for Illinois Attorney
General Lisa Madigan.
The law allows investigators to delay disclosure, she said.
"I think there has to be a balance in terms of getting this information
out to affected persons as quickly as possible ... versus not
interfering with an investigation which may result in catching the
perpetrator," Hagan said.
Madigan's office offers instructions on combating identify theft at this
Web address: www.illinois attorneygeneral.gov/consumers/ hotline.html.
Consumers can also call a hot line - (888) 999-5630 - during business
The state Department of Financial and Professional Regulation has
information about the breach at www.idfpr.com.
The 300,000 licensees affected by the incident include mortgage brokers,
pawn-shop operators and real-estate agents, Hofer said. Her agency
licenses a total of 1.2 million professionals in Illinois, she said.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com