Heimdal Security Blog

FOID Website Breach Attempt: Hackers Tried to Access Private Data

Threat actors recently tried to hack the FOID website, the platform belonging to the Illinois State Police, in an attempt to obtain a large amount of confidential data. The website was taken down briefly for investigation and mitigation measures, but it is now back online and accepting applications.

FOID Website Breach Attempt: Explaining What Is FOID

FOID stands for Firearm Owners Identification, a concept specific to the U.S. state of Illinois. Residents who want to possess or buy firearms must have a FOID card, which demonstrates that the firearm they own is legally registered. To get this card, people need to submit an application, either on the FOID website or by filling out a paper application.

What Is the FOID Website Breach Attempt About?

The Illinois State Police declared in a recent statement that:

The FOID website software vendor, working with ISP, recently determined unauthorized persons were attempting to use this type of previously unlawfully obtained personal information to match with and access existing FOID online account information to add further detail to their existing stolen data.

Source

The software vendor conducted an investigation into the possible data leakage following the cyberattack. The same statement confirms that no false FOID cards have been distributed or produced, that the ISP (Illinois State Police) database was not affected at all, and that the inquiry detected no attempt to fraudulently submit an application for this kind of card.

What Is the Impact Though?

According to the same statement, hackers might have gained access to existing accounts by making use of data they stole during previous data breaches. This may or may not have let them obtain relevant data, such as the last four digits of the social security number, by accessing unique auto-populated personal identifiers. However, this has not been confirmed and is only a supposition about the consequences of the FOID website breach attempt. The number of users who might have been impacted rose to 2067, and everyone possibly affected was notified by the authorities. Additionally, they received a free new card as compensation.

What Mitigation Measures Have Been Carried Out?

Following the breach attempt on the FOID website, mitigation measures were immediately implemented:

There is a delay in processing applications, but measures were taken to address this too. J.B. Pritzker signed legislation intended to restore and modernize the system, complemented by the supply of additional resources.

Hacking Attempts Not New

According to public notification, hacking attempts are nothing new for Illinois. Back in April, a ransomware attack affected the office of the Illinois Attorney General. Mail and document servers were encrypted, but the office decided not to pay the ransom the hackers asked for in exchange for releasing the stolen data. The result? Employees needed to create new e-mail addresses, and this is said to have led to financial loss, because the issue has still not been resolved.