Individual and Family Support (IFSP) Data Breach Information Page

Home  » Individual and Family Support (IFSP) Data Breach Information Page  »

Coronavirus (COVID-19) Response • Have you downloaded COVIDWISE, Virginia's COVID-19 exposure notification app? Add your phone to the fight here. For up-to-date information, assistance, and resources from across state government, click here.


On October 1, 2019, personal information of some applicants for Individual and Family Support Program (IFSP) funding may have been seen by other applicants through the IFSP Funding Portal. DBHDS discovered the breach within 16 minutes after the IFSP Funding Portal was opened to receive applications and immediately took the Portal offline.

DBHDS has contacted all impacted individuals and provided additional information via postal mail.

Personal information of some applicants may have been visible to other applicants who were logged into the IFSP Funding Portal. The personal information that was visible to other applicants includes name, mailing address, email address, phone number, date of birth, or the last 4 digits of a social security number.

Full social security numbers, driver’s license numbers, credit card numbers, health diagnoses, insurance information, and banking information were not visible to other applicants at any time.

As a preventive measure, we suggest you closely monitor your financial accounts and credit reports and contact your financial institution immediately if you see any unauthorized activity. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission recommends that you check your credit reports periodically. Additional information on how to secure your personal data can be found by visiting https://www.identitytheft.gov/Info-Lost-or-Stolen.


You may also choose to place a fraud alert on your credit report by contacting the following major credit bureaus:

We have taken a number of steps to investigate this breach and prevent any potential harm to applicants. In addition to taking the IFSP website offline, DBHDS technical staff and the Virginia Information Technologies Agency have examined incident data to determine the cause of the data breach and correct identified issues and are implementing measures to restore the IFSP Portal to a secure, operational state.

For questions, concerns or additional information, please contact IFSPcommunity@dbhds.virginia.gov.


Frequently Asked Questions

Q. I received a letter stating that my information was exposed. What does that mean?
A. On October 1, 2019, the IFSP Funding Portal, the system that applicants use to submit a request for Virginia’s Individual and Family Support Funding assistance, experienced a system error. As a result, the personal information of some applicants who were logged into the IFSP Funding Portal and had submitted a funding request may have been seen by other individuals who were also logged into the Portal between 9:00 a.m. – 9:16 a.m. on October 1, 2019.

If you received a letter, your personal information may have been visible to other applicants who were logged into the IFSP Funding Portal. The personal information that was visible to other applicants includes name, mailing address, email address, phone number, date of birth, or the last 4 digits of a social security number. Although DBHDS knows what information was visible to other applicants, DBHDS cannot determine if other applicants actually saw your information. Full social security numbers, driver’s license numbers, credit card numbers, health diagnoses, insurance information, and banking information were not visible to other applicants at any time.

Q. Do you have any information about the IFSP Funding Portal and when it will be back on-line?
A. DBHDS technical staff and the Virginia Information Technologies Agency (VITA) are working to implement measures to restore the Portal to a secure, operational state. When the system is back on-line, DBHDS will make an announcement via the IFSP Program Listserv.

Q. When did this incident occur?
A. The system error occurred between 9:00 a.m. – 9:16 a.m. on October 1, 2019.

Q. Why was there a delay between the incident and notifying me that this happened?
A. Once the system error was discovered, DBHDS took a number of steps to investigate this breach and prevent its reoccurrence. The investigation required time to collect certain information which was not available at the start of the incident. DBHDS technical staff and VITA have examined incident data to determine the cause of the data breach and correct identified issues and are implementing measures to restore the IFSP Portal to a secure, operational state.

Q. Whose information was compromised?
A. The personal information of some applicants who were logged into the IFSP Funding Portal and had submitted a funding request for review between 9:00 a.m. – 9:16 a.m. on October 1, 2019, may have been seen by other individuals.

Q. What specific information was possibly visible to others?
A. The personal information that was visible to other applicants includes name, mailing address, email address, phone number, date of birth, or the last 4 digits of a social security number. Although DBHDS knows what information was visible to other applicants, DBHDS cannot determine if some applicants actually saw the personal information of other applicants. Full social security numbers, driver’s license numbers, credit card numbers, health diagnoses, insurance information, and banking information were not visible to other applicants at any time.

Q. How many persons were impacted?
A. Based on our investigation, we have determined that 1,442 individuals were impacted.

Q. Do you suspect that my information has been used fraudulently?
A. DBHDS cannot determine if applicants’ personal information was actually seen by other applicants. As a preventive measure, we suggest you closely monitor your financial accounts and credit reports and contact your financial institution immediately if you see any unauthorized activity.

Q. Has anyone been adversely affected as a result of their information being exposed?
A. We have no evidence that anyone has been adversely affected.

Q. Should I close my bank account?
A. There were no bank account numbers included on your application file. As a preventive measure, we suggest you closely monitor your financial accounts and credit reports and contact your financial institution immediately if you see any unauthorized activity.

Q. Should I close my credit card or other accounts?
A. No credit card numbers or other account number information was contained in our system. As a preventive measure, we suggest you closely monitor your financial accounts and credit reports and contact your financial institution immediately if you see any unauthorized activity.

Q. Is there a website I can go to for addition information?
A. Yes, please visit www.dbhds.virginia.gov/developmental-services/ifsp-data-breach for additional information.


FY2020 October 1st Incident Updates

FY2020 Summary