Data Breach Information

Recently, current and former IDOT employees received direct notice and information via a letter mailed to their homes about a data breach that was discovered on April 14, 2022.  Please note that the information contained on this webpage in the webinar presentation linked here only applies to those who received this direct notification.

What happened? From April 6, 2022 through April 14, 2022, a file containing personal information of current and former IDOT staff was inadvertently placed on IDOT’s internal website, InsideIDOT.  InsideIDOT can only be accessed by current employees of IDOT. The file was not readily available nor visible to users of InsideIDOT, but it was not properly restricted.  

What did the State do to respond to this incident? Upon discovering the file, IDOT promptly removed the file from InsideIDOT and began investigating the cause of this incident.  IDOT coordinated its investigation with the Department of Innovation and Technology (DoIT).  DoIT assisted IDOT in analyzing the number of times the file had been accessed, the time frame of the file’s availability, and whether anyone accessed the file.  There is no conclusive evidence anyone saw or viewed any personal information apart from the original discovery and subsequent investigation.   It was determined the root cause of the incident was human error.  We have reexamined our internal processes regarding the use and scope of use of personal information. We also have developed and will provide additional training for employees who handle such information.

What information was potentially visible?  The information in the file included first and last names, social security numbers and depending on the start date of employment with IDOT, employee identification numbers.  No other data points were part of the file.

What can you do? Please review the webinar information for additional details on protecting your personal information. You may also send any specific questions to DOT.privacy@illinois.gov.  A toll-free number, 833-491-2480, also will be available until July 15, 2022, Monday through Friday, from 8 a.m. to 4:30 p.m., for any questions those affected by the breach may have.  Please note that representatives will only be able to answer questions specific to this privacy incident.

How to Update Contact Information:  Retirees or ex-employees who wish to update contact information with the Department should contact their HR liaison (Administrative Manager) to update their address.  If the HR liaison is not known, a former employee can contact Carrie Held (carrie.held@illinois.gov) or Bobbie Fults (bobbie.l.fults@illinois.gov) to provide updated information. 

To update information with the State Employees Retirement System, retirees should contact SERS directly at 217-785-7444 or sers@srs.illinois.gov.

Retention of Social Security Numbers:  IDOT must maintain personnel files, which include social security numbers, in compliance with federal and state statutes and Department record retention policies.  IDOT is not able to redact or delete information from these files.  IDOT is committed to limiting use of full social security numbers except where legally required.