Jump to content

Fixed?


Rangerdeepv

Recommended Posts

Statement from ISP:

 

 

 

 

Illinois State Police Strengthen FOID Cybersecurity Measures in Response to Identify Theft Attempts

 

The Illinois State Police have added additional online security requirements to the FOID online application system to deter and disrupt cyber security threats and identify theft. Specifically, the ISP is restricting the use and access of personal information that FOID card applicants submit in their online FOID account that could match Illinois resident personal identification information unlawfully obtained from any number of previous cyber breaches. This personal information did not come from ISP systems and servers.

 

Thousands of cyber breaches, unrelated to ISP systems and servers, have occurred nationally and globally which did or could impact Illinois residents. Government sites are routinely the target of identity theft and other cyber threats. The FOID website software vendor, working with ISP, recently determined unauthorized persons were attempting to use this type of previously unlawfully obtained personal information to match with and access existing FOID online account information to add further detail to their existing stolen data.

 

An investigation by the software vendor with ISP determined no FOID card has been fraudulently issued, nor has any unauthorized user attempted to complete the process to obtain a FOID card, nor was any ISP database breached. There is no known ransomware attack or cyberattack on ISP systems at this time.

 

The software vendor determined that using previously stolen personal data to access existing accounts, unauthorized users may or may not have accessed additional “auto populated” personal identifiers unique to that account and card such as the last four of a social security number. 2067 FOID card holders, less than .0008 % of total card holders, were possibly impacted by these attempts. In accordance with state law and out of an abundance of caution, all affected persons were sent notice and issued a new card at no cost.

 

Just as when credit card information is unlawfully used, the potential unauthorized access was identified, the current card cancelled and a new one immediately issued to the affected FOID card owner.

 

Out of necessity, some of the online account parameters put in place for ease of use and convenience years ago have been appropriately modified and tightened to prevent unauthorized users from attempting to further expand the extent of the identify fraud.

 

We appreciate the patience of the public, but these additional security measures are necessary to protect personal data as a wave of cyber security threats reverberate around the world. No online system is completely impenetrable, and upgrades to all states systems must and will continue, but we remain vigilant. ISP treats information and personal data security very seriously. While the ISP does not yet know the source of the personal information used in the unauthorized access of accounts, and while there are countless unlawful uses of personal information acquired illegally online around the world every day, the ISP continues to investigate with our federal partners and to monitor the FOID system to ensure the highest level of security for personal information. ISP values the protection of your personal information and continues to take all reasonable efforts to protect your confidentiality and security.

 

The site is currently up and accepting applications.

 

 

 

Link to comment
Share on other sites

In 2015, the Chinese government hacked the US Office of Personnel Management, collecting information (including security clearances) for approximately 22 million current, former, and prospective government employees.

 

In 2017, the Chinese government hacked Equifax, collecting information on approximately 147 million Americans.

 

Meanwhile, virtually every major American corporation "off-shores" the data it keeps on its employees and customers (i.e., us) to Chinese data centers, where it is available to the Chinese government.

 

While I'm disinclined to think that the Chinese care about the FOID systems, the information that identifies us is out there.

 

Meanwhile, cell phones are among the most frequently stolen items in the world, including in the US. The least secure method of 2FA is to send a text to a "registered" cell phone number, which BTW can also be cloned, no phone required.

Link to comment
Share on other sites

Kwame Raoul reported in April that his office was the subject of a ransomware attack. It's believed to have originated in Russia. ABC7 reported in May that the attack was ongoing, adding that

 

"Illinois Attorney General Kwame Raoul received a scathing report just two months before the attack. The state audit cited "weaknesses in cybersecurity programs and practices," that they hadn't performed a comprehensive formal risk assessment or classified data to establish the types of information most susceptible to attack to ensure adequate protection. It also found unidentified risk and vulnerabilities susceptible to cyber attacks and unauthorized disclosure."

 

​It's difficult to believe that the Attorny General's system is so isolated from other state servers that additional breaches coudn't occur.

Link to comment
Share on other sites

Maybe it would behove the ISP to start a batch process of ALL currently in process FOIDS.

Clear the backlog and start fresh with updated software etc.

If need stop any new apps and clear out. A slight delay of say a week or two in those trying to apply could be small potatos compared to the current situation.

 

Clean up your mess and then get it right!

Link to comment
Share on other sites

Nothing but respect and gratitude to the ISP or any LEO for that matter. The issue is with this state's legislature and overreaching laws. Most of the LEO's do the most with the least as they are constantly being thrown under the bus by the very people who are supposed to support them yet they still carry their responsibility with great pride and respect.

 

A plastic card to employ a U.S. Constitutional guaranteed right? That is the issue we face and needs to be rectified. The other part.........now we are not allowed to sell private property of minimal value when compared to a home or car without an FFL recording and keeping records?

 

Say Thank You to any LEO for their service and dedication and vote out the miscreants in the state house.

Link to comment
Share on other sites

Maybe it would behove the ISP to start a batch process of ALL currently in process FOIDS.

Clear the backlog and start fresh with updated software etc.

If need stop any new apps and clear out. A slight delay of say a week or two in those trying to apply could be small potatos compared to the current situation.

Clean up your mess and then get it right!

 

Just quit playing games with renewals — they check every night to determine if existing FOID holders are still eligible. When a renewal comes in all they need do is check the latest run and issue/deny the renewal based upon it. The process should be damn near automatic. They’d have plenty of time to process new apps.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...