ILLINOIS — The Illinois State Police are notifying about 2,000 Illinoisans with Firearm Owners Identification cards that their personal information may have been compromised in a hack of the agency’s Police FOID card portal.

The backlog-plagued system was hit with a cyberattack, ISP confirmed Thursday.

“Out of necessity, some of the online account parameters put in place for ease of use and convenience years ago have been appropriately modified and tightened to prevent unauthorized users from attempting to further expand the extent of the identify fraud,” the police agency reported.

Find out what’s happening in Across Illinois with free, real-time updates from Patch.

State Rep. Tim Butler, R-Springfield, said the thieves were looking for additional personal information.

“They were using some data that had potentially been out there in other hacks and they were trying to gather further information on someone’s identity,” Butler told WMAY Friday. “And no false FOID cards went out, or anything like that.”

Find out what’s happening in Across Illinois with free, real-time updates from Patch.

Illinois State Police officials said the information of about 2,000 FOID cardholders, or about .0008% of the total number of FOID cardholders in the state, may have been accessed in the attempted hack. Those people will be contacted, the agency said in a news release.

Cybersecurity consultant John Bambenek said the hack raises not just concerns about cybersecurity, but also physical security.

“I’d rather there not be a database somewhere of gun owners and their addresses,” Bambenek said. “It doesn’t take that much imagination to figure out how that information can be used in ways that increase the risk to those persons.”

Bambenek said the hack is the latest in a string of attacks targeting government cyber infrastructure and officials should take steps to beef up security. But, he said it appeared the agency caught the hack early.

“It sounds like they’ve done their research, there’s specificity in the report,” Bambenek said. “They’ve taken some proactive measures.”

Illinois State Police officials said in response to the hack, they are “restricting the use and access of personal information that FOID card applicants submit in their online FOID account that could match Illinois resident personal identification information unlawfully obtained from any number of previous cyber breaches,” according to a news release.

Butler said he’d rather the FOID card be done away with altogether, calling it an impediment for people to be able to exercise their Second Amendment rights, but if it’s required, state officials must make it secure.

“I have a lot of logins where I use two-factor authentication,” Butler said. “So I’m getting text on my cell phone, or I’m getting an email directly to my email with an additional number that I have to plug in as another safety factor and think that’s where we have to go with this stuff.”

Agency officials said they continue working with other law enforcement agencies to further investigate the origins of the hack.

The hack follows other recent cyberattacks on state government agencies like the Illinois Attorney General’s office and the Illinois Department of Employment Security, something Bambenek said must be a wake-up call to all levels of government.

“Breaches happen and attacks happen, but government needs to continue to operate,” Bambenek said. “The Attorney General of the state of Illinois can’t take six months off doing the job. So, they need to have plans on how to respond and recover from these incidents in a reasonable timeframe.”

By Greg Bishop |, The Center Square

The focus of the work of The Center Square Illinois is state- and local-level government and economic reporting that approaches stories with a taxpayer sensibility. For more stories from The Center Square, visit

The rules of replying:

  • Be respectful. This is a space for friendly local discussions. No racist, discriminatory, vulgar or threatening language will be tolerated.
  • Be transparent. Use your real name, and back up your claims.
  • Keep it local and relevant. Make sure your replies stay on topic.
  • Review the Patch Community Guidelines.