Illinois State Police Strengthen FOID Cybersecurity Measures

[Molly B.]

Illinois State Police Strengthen FOID Cybersecurity Measures in Response to Identify Theft Attempts

 

The Illinois State Police have added additional online security requirements to the FOID online application system to deter and disrupt cyber security threats and identify theft. Specifically, the ISP is restricting the use and access of personal information that FOID card applicants submit in their online FOID account that could match Illinois resident personal identification information unlawfully obtained from any number of previous cyber breaches. This personal information did not come from ISP systems and servers.

 

Thousands of cyber breaches, unrelated to ISP systems and servers, have occurred nationally and globally which did or could impact Illinois residents. Government sites are routinely the target of identity theft and other cyber threats. The FOID website software vendor, working with ISP, recently determined unauthorized persons were attempting to use this type of previously unlawfully obtained personal information to match with and access existing FOID online account information to add further detail to their existing stolen data.

 

An investigation by the software vendor with ISP determined no FOID card has been fraudulently issued, nor has any unauthorized user attempted to complete the process to obtain a FOID card, nor was any ISP database breached. There is no known ransomware attack or cyberattack on ISP systems at this time.

 

The software vendor determined that using previously stolen personal data to access existing accounts, unauthorized users may or may not have accessed additional “auto populated” personal identifiers unique to that account and card such as the last four of a social security number. 2067 FOID card holders, less than .0008 % of total card holders, were possibly impacted by these attempts. In accordance with state law and out of an abundance of caution, all affected persons were sent notice and issued a new card at no cost.

 

Just as when credit card information is unlawfully used, the potential unauthorized access was identified, the current card cancelled and a new one immediately issued to the affected FOID card owner.

 

Out of necessity, some of the online account parameters put in place for ease of use and convenience years ago have been appropriately modified and tightened to prevent unauthorized users from attempting to further expand the extent of the identify fraud.

 

We appreciate the patience of the public, but these additional security measures are necessary to protect personal data as a wave of cyber security threats reverberate around the world. No online system is completely impenetrable, and upgrades to all states systems must and will continue, but we remain vigilant. ISP treats information and personal data security very seriously. While the ISP does not yet know the source of the personal information used in the unauthorized access of accounts, and while there are countless unlawful uses of personal information acquired illegally online around the world every day, the ISP continues to investigate with our federal partners and to monitor the FOID system to ensure the highest level of security for personal information. ISP values the protection of your personal information and continues to take all reasonable efforts to protect your confidentiality and security.

 

The site is currently up and accepting applications.

 

[Smallbore]

Yes, it is up and running foid renewal people into the ground. We now have three clients this week who tried to renew their foid cards. They had forgotten their log in info. Tried several times using what they thought was might be right. System locked them out requiring a call in. We all know how futile that is. They came to my wife asking for help. Nothing she can do now. She could have gotten in if they had come to her first. Typical government that locks out people with no means provided to unlock them.

The calls gets a two hour menu with many multiple choices. This morning my wife suffered through a long menu then waiting on line for 30 minutes just to have system drop the call.

This is the government that so many people trust to protect them from crime and sickness.

[RECarry]

There were more important things (cronies) to spend the hijacked $30 million on than the cyber security and physical security of Constitutionalists.

[lilguy]

The state received billions in bail out money. This is no longer a they stole 30 million and the system collapsed.fraud story. This is an attempt at gun control by other means.

[mab22]

They caught someone messing around, the sentence your looking for is.

 

The FOID website software vendor, working with ISP, recently determined unauthorized persons were attempting to use this type of previously unlawfully obtained personal information to match with and access existing FOID online account information to add further detail to their existing stolen data.

[mrmagloo]

No doubt, the ISRA was neutral on the issue.

[Flynn]

On 8/6/2021 at 8:54 AM, mrmagloo said:

No doubt, the ISRA was neutral on the issue.

 

[bmyers]

My daughter is having the same issue. She is trying to renew, it is telling her she has to call in. She calls waits on hold and no one ever answers. 

 

I guess the next step it to contact our local rep and senator and see if they can accomplish anything. 

[Molly B.]

44 minutes ago, bmyers said:

My daughter is having the same issue. She is trying to renew, it is telling her she has to call in. She calls waits on hold and no one ever answers. 

 

I guess the next step it to contact our local rep and senator and see if they can accomplish anything. 

How long has it been doing this?  I would suggest she wait a week and try again. 

[bmyers]

21 minutes ago, Molly B. said:

How long has it been doing this?  I would suggest she wait a week and try again. 

She tried twice last week. I told her when I get off work and she gets home we can try again tonight. 

[Molly B.]

47 minutes ago, bmyers said:

She tried twice last week. I told her when I get off work and she gets home we can try again tonight. 

Last week was not a good week to be trying, hopefully working better this week.

[bmyers]

1 hour ago, Molly B. said:

Last week was not a good week to be trying, hopefully working better this week.

We will give it a try tonight and see how the system is working, thanks.

[JTHunter]

The last time I had to renew (in 2011), none of this computerized "clap-trap" was necessary.  I just got a notice from them in the mail and returned it with my paper check.

NOW, I have to risk my credit account (and my sanity), pay more ("convenience" fee), and wait even longer.

Can anybody tell me if, as a first time online user of this renewal process, exactly WHAT do I need to have on hand to attempt to do this process in a single time?

[Hatchet]

I gotta renew soon. Hope I don't hit any new bugs in their system. What a waste of a ssytem.