September 21, 2020
The Illinois State Police has announced a data breach incident affecting its Firearm Owners Identification (FOID) database, a portal where every firearms or ammunition holder who is a resident of Illinois must register onto. According to the announcement, the portal went under attack by hackers who sought unauthorized access and compromised 2,000 gun owners from the state. In response to this, the police implemented additional access restrictions and tightened the checks to prevent any further abuse.
Each of the 2,000 FOID card owners who have had their details exposed is now being personally notified by the state police. The data that these people had to submit in order to register on FOID and get their card includes an ID card or a driver’s license and a recent head and shoulder photograph. Also, they need to cover a registration fee of $10, but payment details such as credit card information aren’t supposed to be stored in the FOID database, so that must be excluded from the leak.
Similar to the ‘Guns.com’ and also the ‘Guntrader.uk’ security incidents, the problem here is that criminals will get to know who possesses firearms and where they live. This significantly increases the risk of break-ins, with the purpose of stealing weapons that can be used by criminals or sold in the black market. Of course, access to guns in America is relatively open to everyone, but people still need to register their ownership to the authorities. Finally, the breach compromises citizens' privacy who may have preferred to keep their gun ownership a secret.
The state of Illinois has had several cybersecurity incidents lately, including a ransomware attack onto the Attorney General’s office in April 2021 and another one launched against the Illinois Department of Employment Security that took place in May 2020. Finally, the Illinois-based Fermilab network was breached by the ‘Sakura Samurai’ team earlier this year, and even if the infiltration wasn’t done with malicious intentions, it underlined the lack of proper security practices in a crucial public entity operating under the U.S. Department of Energy.
One thing worth noting is that there are about 146,500 registered guns in Illinois, so the percentage of the exposed individuals is roughly 1.4%. This is either success in real-time attack deflection systems or just a random fact attributed to limited server access from the hacker’s side.
The FOID card has been criticized by many people in Illinois, not because it constitutes a privacy risk but because it delays gun ownership. State Senator Darren Bailey has proposed eliminating the FOID program as it causes a lot of frustration. Maybe the recent security incident will give these critics another reason to shout against the FOID.