Breach Reported by Attorney General Confirmed to be Ransomware Attack

Apr 30, 2021

Credit Capitol News Illinois file photo

A data breach reported by Attorney General Kwame Raoul’s office nearly three weeks ago was a ransomware attack, according to a Thursday news release.

Raoul’s office has launched a new hotline to provide information to residents following the data breach first reported on April 10.

A Thursday news release stated that the office “continues to evaluate the full extent of the compromise,” including what specific data may have been compromised in the breach.

“While we do not yet know with certainty what was compromised in the ransomware attack, we are working closely with federal law enforcement authorities and outside technology experts to determine what information was exposed, how this happened, and what we can do to ensure that such a compromise does not happen again,” Raoul said in the release.

Raoul’s office stated that the purpose of the hotline is to allow residents who may have concerns about the breach to receive answers to their questions while the investigation is ongoing.

The hotline can be reached by calling 1-833-688-1949 between the hours of 8 a.m. and 5 p.m. Monday through Friday.

The Chicago Sun-Times reported Thursday that a ransomware group “potentially linked to Russia,” known as DoppelPaymer, had posted documents it had stolen from the Attorney General’s office over a period of two weeks.

Ransomware is a malicious software that collects the victim’s personal data and threatens to publish it unless a ransom is paid to the hacker.

A public notice on the Attorney General’s website said that leaked information could include sensitive personal information such as individuals’ names, addresses and social security numbers.

The notice stated that all information about the breach, including the exact extent of what information was stolen, will be made available at www.illinoisattorneygeneral.gov as it becomes available.

When asked about the data breach Friday, Gov. JB Pritzker said the ransomware breach was contained to the attorney general’s office only, and that no other state offices or agencies were affected.

“We have federal authorities that are involved here and helping to investigate. It's become a law enforcement matter at this point,” Pritzker said.

Prtizker said law enforcement agencies are working closely with the state’s Department of Information Technology to determine the extent of the breach and rectify the situation.

“Government systems and your personal systems are all in some ways under attack every day,” Pritzker added. “There are cybersecurity needs that people need to follow in their personal lives with their personal devices (or) their office business devices, and in government, we're all trying to do that at the same time there are foreign actors as well as domestic hackers that are trying to get in.”

“It's a constant battle but we have a pretty good team that's fighting it, and I know the Attorney General's Office is working very hard to reverse the damage that was done,” he said.

Capitol News Illinois is a nonprofit, nonpartisan news service covering state government and distributed to more than 400 newspapers statewide. It is funded primarily by the Illinois Press Foundation and the Robert R. McCormick Foundation.