| Q. | I received your letter but I am not sure exactly what it means? |
| A. | One out of about 115 different computer servers within the Illinois Department of Financial and Professional Regulation which contained information about some of the licensees of the agency was hacked into by an unknown person. The server which was hacked into was used to test other computer programs in the agency and contained some information about licensees of the agency. We do not have any information to indicate that the portion of the server which maintained licensee information was breached at all. We do not have any information which would indicate that your personal information was compromised or stolen, but to be on the safe side we wanted to alert you so that you could take appropriate precautions.. |
| Q. | I saw a reference in your letter to the Department of Central Management Services – who are they and why did they have my information? |
| A. | The Department of Central Management Services is the state government agency responsible for maintaining most of the state government’s computer systems. While they maintain our computers, they do not have access to any of your information. |
| Q. | Why did you even have my personal information? |
| A. | You received a letter because you are or may have been a licensee of the agency, whose information was on the server. Information you provided to obtain or renew your license as a mortgage banker or broker, loan originator, real estate sales person, real estate broker, appraiser, home inspector, time share land sales personnel, auctioneer or pawnbroker was stored on this server. |
| Q. | I know someone that has the same license that I have and they got a letter and I did not. Why didn’t I get a letter, does that mean I don’t have an active license? |
| A. | There are two possible explanations of this:
|
| Q. | You sent a letter to my former address even though I called the department and made a change of address. Why aren’t your records updated? |
| A. | The letter was sent to the addresses on file on the computer server which was involved. If you moved and did not advise the department or if you changed your address within the past 6 to 8 months prior you may not have received a letter The information on the server involved was only for test purposes and did not maintain current information. |
| Q. | I have a professional license from the Division of Professional Regulation, was my information on that system as well? |
| A. | Only information regarding real estate professionals, mortgage bankers and brokers, loan originators and pawnbrokers was on the server that was hacked. Information about other licensed professionals is maintained on a different computer system and was not affected in any way. |
| Q. | I renewed my license with my credit card – was that information on the system as well? |
| A. | No. If you renewed your license with a credit card, you entered your credit card into an entirely different system maintained by an outside payment vendor. We intentionally designed our computer systems so as to not maintain licensee names and credit card numbers in the same system. |
| Q. | What are you going to do about this? |
| A. | We are actively working with law enforcement agencies to investigate what happened. We have isolated this computer server from all others and have doubled checked all of our other computer servers to verify sure they are secure. This review included having personnel from other agencies review the system. |
| Q. | Is there anything I should do to protect myself? |
| A. | It is always a good idea to periodically obtain a copy of your credit report to look for any new accounts that may have been opened that you did not authorize. Because of the possibility that someone may have information about you, now would be a good time to do so. The law authorizes each person to obtain a free copy of their credit report each year by visiting annualcreditreport.com or by calling (877) 322-8228. To protect yourself from the possibility of identity theft, we recommend that you place a fraud alert on your credit files. A fraud alert lets creditors know to contact you before opening new accounts. To place a fraud alert on your credit files, you should contact the three credit reporting agencies at the numbers shown below. You will then receive letters from the credit reporting agencies, with instructions on how to get a free copy of your credit report from each. Experian Equifax TransUnion When you receive your credit reports, please look them over carefully. You should look for accounts that you did not open. You should also look for inquiries from creditors that you did not initiate. You should also inspect the documents to look for personal information that is not accurate. If you see anything that you do not understand or does not appear to be accurate, contact the credit reporting agency at the telephone number on the report. |
| Q. | What if I notice something on my credit report that shouldn’t be there? |
| A. | You should make contact with the credit reporting bureaus and file a police department report if appropriate. |
| Q. | Where can I get more information on identity theft and how to protect myself? |
| A. | You can obtain information from the Federal Trade Commission by visiting their web site at www.ftc.gov or by calling them at 1-877-ID-THEFT |
| Q. | Can I put a freeze on my credit report so that it is not sent to other people? |
| A. | Yes. The Consumer Fraud and Deceptive Business Practices Act allows you to request that a credit report freeze be placed on your credit report. This will prohibit the report from being sent to anyone (except in certain specified instances) without your permission. There is no fee for this service for identity theft victims who provide a copy of the police report to the credit reporting agencies. With the notice sent to you the department attached a letter from the Illinois State Police is intended to allow you to request that a security freeze be placed on your credit report at no cost. |