[BreachExchange] State rental-assistance portal taken offline after coding error exposes personal info

[Terrell Byrd]

https://www.news-gazette.com/news/local/courts-police-fire/state-rental-assistance-portal-taken-offline-after-coding-error-exposes-personal-info/article_1fcdf780-f338-581f-94ca-8e412188f8a0.html

SPRINGFIELD — An online portal through which tenants affected by COVID-19
can apply for rental assistance from the state went offline for two days
last week after the discovery of a programming glitch that compromised some
personal information.

On Feb. 1, an applicant told a representative at the Illinois Housing
Development Authority’s call center that they saw someone else’s document
when they logged in to their rental application, agency spokeswoman Amy Lee
said.

“As soon as this information was brought to our attention, we took
immediate action to ensure the safety of our applicants was prioritized,”
Executive Director Kristin Faust said in a news release. “IHDA fiercely
guards the security of personal information in its possession and regrets
this incident.”

The portal went offline and all access to external users was blocked until
Feb. 3 while the agency identified and resolved the issue.

It found that the exposure of personal information was the result of a
coding error associated with an update to the portal, not hackers. The
processing of applications for rental assistance was not affected.

Tenants use the portal to apply to the Illinois Rental Payment Program,
which is funded using an allocation from the federal coronavirus relief act
signed by President Joe Biden in March.

The launch of the portal was delayed in November when testing found it
could not handle the expected heavy traffic. It was opened Dec. 6 but
stopped accepting applications Jan. 9. Though it is no longer accepting new
applications, it remains open until Feb. 17 so landlords can submit
supporting documents for existing applications.

The housing agency received more than 89,700 applications. Of those, 110
may have had their information compromised. Lee said there is no evidence,
anecdotal or otherwise, that there was any use of the information that was
compromised.

The code was fixed and thoroughly tested and the portal was back online
Feb. 3. The state incurred no additional costs to fix the error, Lee said.

Capitol News Illinois is a nonprofit, nonpartisan news service covering
state government and distributed to more than 400 newspapers statewide. It
is funded primarily by the Illinois Press Foundation and the Robert R.
McCormick Foundation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220210/5a5ff4e9/attachment.html>