Customers of the Illinois Department of Public Health may have had personal information exposed in a hack of an employee's email.
IDHS said it experienced a "privacy breach" through a phishing campaign that was sent to employee emails April 25.
Hackers gained access to files that included Social Security numbers of 4,701 customers and three employees, IDHS said. Hackers also accessed public assistance information for more than 1.1 million customers.
That information included name, public assistance account number, some combination of address, date of birth, Illinois State Board of Education Student Information System ID number, Recipient Identification Number and cellphone number.
IDHS said it worked with the Illinois Department of Innovation and Technology to investigate the extent of the breach and to determine which individuals were included.
Written notices were sent to all customers and employees whose information was accessed.