REPORT DIGEST

ILLINOIS FINANCE AUTHORITY

FINANCIAL AUDIT
FOR THE YEAR ENDED JUNE 30, 2024

Release Date:  January 9, 2025

FINDINGS THIS AUDIT: 1

CATEGORY:  NEW -- REPEAT – TOTAL
Category 1:  0 -- 1 -- 1
Category 2:  0 -- 0 -- 0
Category 3:  0 -- 0 -- 0
TOTAL:  0 -- 1 -- 1

FINDINGS LAST AUDIT: 1

State of Illinois, Office of the Auditor
General
FRANK J. MAUTINO, AUDITOR GENERAL

To obtain a copy of the Report contact:
Office of the Auditor General, 400 West
Monroe, Suite 306, Springfield, IL
62704-9849
(217) 782-6046 or TTY (888) 261-2887

This Report Digest and Full Report are also
available on the worldwide web at
www.auditor.illinois.gov

INTRODUCTION

This digest covers the Illinois State
Finance Authority’s (Authority) Financial
Audit as of and for the year ended June 30,
2024.
SYNOPSIS

• (24-1) The Authority experienced a network
security incident that involved an
unauthorized party  gaining access to the
Authority’s network environment.


FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS

CYBERSECURITY INCIDENT INVOLVING
UNAUTHORIZED ACCESS

The Illinois Finance Authority (Authority)
experienced, on or about November 6, 2023, a
network security incident that involved an
unauthorized party gaining access to the
Authority’s network environment. Upon
detecting the incident, the Authority
disabled all access to the network and
through its outside counsel, engaged a
specialized third-party forensic response
firm to assist with securely restoring the
network environment and investigating the
extent of unauthorized activity.

The Authority completed its investigation
and determined that it appeared that the
unauthorized third party acquired data from
the Authority’s network which appeared to
contain certain personal information. The
Authority then worked to provide written
notices to the impacted individuals as
required by law of the appropriate
jurisdictions.  To date, the Authority is
not aware of any claims resulting from the
incident.

The incident, which involved unauthorized
access to the Authority’s environment,
resulted in the loss of data. (Finding 1,
page 74)

We recommended the Authority to continue to
strengthen network controls to reduce the
likelihood of unauthorized access occurring
in the future.

The Authority accepted the finding.

AUDITOR’S OPINIONS

The auditors stated the financial statements
of the Authority as of and for the year
ended June 30, 2024 are fairly stated in all
material respects.

This financial audit was conducted by RSM US
LLP.

JANE CLARK
Division Director

This report is transmitted in accordance
with Section 3-14 of the Illinois State
Auditing Act.

FRANK J. MAUTINO
Auditor General

FJM:TLK