Attorney General Lisa Madigan created the first-ever Illinois Identity Theft Hotline. The hotline provides Illinoisans who have been victimized by identity theft with one-on-one assistance as they work to report the crime to local law enforcement and financial institutions, repair their credit, and prevent future problems.
If you have been the victim of identity theft or believe your personal or financial information may have been compromised, please call the toll-free Identity Theft Hotline at: 1-866-999-5630 or 1-877-844-5461 (TTY).
In addition, the following documents may help answer your questions concerning identity theft and the recovery process:
The following links can be used to learn more about privacy and identity theft. Please note that by clicking on one of these links, you will be leaving the Attorney General's website and will be directed to a new website. The Attorney General's office is not responsible for the content on any of the following websites.
Effective January 1, 2017, Illinois law requires certain businesses and state government agencies that experience a data security breach to provide notice to the Illinois Attorney Generalís Office in addition to providing breach notification to affected Illinois residents. To assist them in complying with this requirement, the Illinois Attorney Generalís Office has created a dedicated email address for breach reporting To report a data security breach, please email firstname.lastname@example.org.
To discuss a data security breach or security event that has or may trigger breach notification to Illinois residents, or to submit a consumer breach notification template or information about an offer of credit monitoring or fraud detection services, please email email@example.com or contact the Attorney Generalís office at 1-800-243-0618 or 1-877-844-5461 (TTY).
Pursuant to the Illinois Personal Information Protection Act, 815 ILCS 530/1 et seq., any entity that conducts business in the State of Illinois, and for any purpose, handles, collects, disseminates, or otherwise deals with nonpublic personal information, is required to disclose, in the most expedient time possible and without unreasonable delay, a data security breach of personal information concerning Illinois residents.
Additionally, those data collectors covered under ß12(e) and ß50 of this Act must notify the Illinois Attorney Generalís Office as follows:
Sec. 12(e) Notice to the Attorney General by State Agencies.
Any State agency that suffers a single breach of the security of the data concerning the personal information of more than 250 Illinois residents shall provide notice to the Attorney General of the breach, including:
The types of personal information compromised in the breach.
The number of Illinois residents affected by such incident at the time of notification.
Any steps the State agency has taken or plans to take relating to notification of the breach to consumers.
The date and timeframe of the breach, if known at the time notification is provided.
Such notification must be made within 45 days of the State agencyís discovery of the security breach or when the State agency provides any notice to consumers required by this Section, whichever is sooner, unless the State agency has good cause for reasonable delay to determine the scope of the breach and restore the integrity, security, and confidentiality of the data system, or when law enforcement requests in writing to withhold disclosure of some or all of the information required in the notification under this Section. If the date or timeframe of the breach is unknown at the time the notice is sent to the Attorney General, the State agency shall send the Attorney General the date or timeframe of the breach as soon as possible.
Sec. 50. Entities subject to the federal Health Insurance Portability and Accountability Act of 1996.
Any covered entity or business associate that is subject to and in compliance with the privacy and security standards for the protection of electronic health information established pursuant to the federal Health Insurance Portability and Accountability Act of 1996 and the Health Information Technology for Economic and Clinical Health Act shall be deemed to be in compliance with the provisions of this Act, provided that any covered entity or business associated required to provide notification of a breach to the Secretary of Health and Human Services pursuant to the Health Information Technology for Economic and Clinical Health Act also provides such notification to the Attorney General within 5 business days of notifying the Secretary.
Please include the following in any OAG breach notification to simplify the process and minimize the need for the Illinois Attorney Generalís Office to request additional information: