Trent--I had not considered the FOID card number wrinkle--thanks for mentioning. I am not overly worried, I've had this sort of thing happen before minus the FOID info. Canceling FOID and CCW number in Illinois these days would be a nightmare requiring you to put on multiple sock puppet shows for low-level functionaries already ground down by the current political situation in the state. I'm holding off for now but please pass on any info you gleen---thanks! Mike B. (aka Neo-Luddite)
I'll call the state police on Monday, and get a verdict. Didn't have time today as I had to work two jobs, covering for another employee on vacation.
I don't *THINK* this will be enough to cause them to invalidate FOID's, but you never know. FOID #'s are freely tossed about between people on private sales all day long, as now required by state law, as well as shown to anyone who asks at gunshows (private citizen or dealer). The only difference here is "someone we don't know" has our FOID # and expiration dates.
Well, heck, there's plenty of people I've known for all of 5 minutes have seen my FOID# and expiration date.
Yes, that personally identifiable information IS used to create accounts on the IL website for concealed carry licensing, BUT the only address that is going to get sent to is what is on your FOID. So even though they'll know your height, weight, etc to set up a digital IL identification, I don't think there's any risk of fraudulent concealed carry licenses being issued since they only ship those to the actual address on the card, with no exceptions.
Plus, you'd need the SSN to do anything on the Illinois websites using digital ID's. The height / weight / etc on the license is only an additional factor used to authenticate you. To properly exploit those systems you'd need the Drivers license (and/or FOID), PLUS SSN, which wasn't released.
Anyway, I hope to heck this doesn't cause a wrinkle with FOID, because if it does it'll be pretty damn expensive for folks with FCCL. FOID replacement is pretty cheap, but FCCL replacement, no so much. That's damned expensive!
Without SSN, hopefully there's nothing that will come of this, for anyone.
However, if the bad guys have SSN from another source (different hack such as healthcare.gov, US department of labor hack, any number of thousands of other commercial hacks, etc), it could spell big trouble as they'd not only have your SSN but ALSO every other bit of information they'd need correlated together, to do serious damage with identity theft, fraudulent tax returns, etc, etc.
To a group (Russian Mafia, Nigerians, Brazilians, Chinese, etc) who have turned hacking for profits in to a national industry, those images scraped off of AIM could turn in to a very big payday.