OLYMPIA — Buyers of state hunting and fishing licenses whose personal information might have been compromised by a data breach will be notified and will receive identity protection services, officials of the state Department of Fish and Wildlife announced.
Active Network, the department’s online hunting and fishing license sales vendor, has agreed to mail information as soon as possible to an estimated 1.5 million people who created customer profiles in the license system before July 2006, said Peter Vernie, licensing division manager for the state Department of Fish and Wildlife, on Friday.
Personal information for approximately 2.4 million license buyers might have been compromised in the breach, but fewer people than that will be notified, he said.
For example, some former customers have died while others’ profiles do not include enough information to enable the vendor to contact them, he said.
Vernie said Active Network also has agreed to provide a customer call center and identity protection services to those whose data was potentially compromised. Details of those services will be provided in the notification letters, according to Active.
About two weeks ago, fish and wildlife agencies in Washington, Idaho and Oregon received messages from a person who claimed to have accessed customer data in the three states’ systems, which are all operated by Active Network.
Investigation confirmed that Washington’s system vulnerability had been exploited to access personal information provided by customers who bought licenses before mid-2006.
Information added to those accounts since then is also vulnerable, investigators reported.
Vulnerable information for Washington customers includes names, addresses, dates of birth and the last four digits of their Social Security numbers. Some customers’ driver’s license numbers also were accessed, but there is no indication that credit card or other financial data was exposed, state officials said.
At this time, investigators do not believe personal data is at risk for customers who made their first license purchase after June 2006. About 60 percent of the 6.6 million license customers fall into this category, the state said.
Active Network told the state that within 15 hours of learning of the breach, the vendor conducted a security sweep of the system and released an update to address the threat. The company said it also arranged for a review by an independent cybersecurity firm.
The state halted online license sales Aug. 22 and suspended all license transactions the following day and restored sales through its network of about 600 retail vendors Aug. 27. Telephone sales were resumed last Monday.
The investigation into the data breach is ongoing, and online license sales remain suspended.
For more information, see http://wdfw.wa.gov/licensing/wild_system/.