The recent data breach targeting people with Northwest hunting and fishing licenses is unsettling.
But while everyone wishes the hack — or attempted hack, as the case may be — had never happened, there is some reassurance in knowing the state has two new offices that are in a position to protect the state’s data systems.
The governor’s office and the state Legislature created the Office of Cyber Security and the Office of Privacy and Data Protection in 2015.
Earlier this year, the state’s cyber security office was selected to participate in a pilot program with the U.S. Department of Homeland Security to help strengthen government databases and streamline defense efforts.
OCS officials say the agency is always on alert for potential threats to the state’s computer files.
As it happens, the latest trouble involved license records stored by a third-party, and not a state agency.
A hacker claims to have broken into the online vending system managed by Active Network, a Dallas-based company that manages online registrations for thousands of events, such as marathons, swim meets and summer camps.
The company also processes hunting and fishing licenses in Washington, Oregon and Idaho, and that is what the hacker apparently was after.
Company officials became aware of the attempted data breach and reportedly addressed the threat within 15 hours and hired a cyber security firm to analyze the system.
Meanwhile, Washington stopped selling licenses and temporarily allowed fishing and shellfishing without one.
Cyber security officials then worked with the Washington Department of Fish and Wildlife to check the security of other vendor sites. Online sales are still suspended, but licenses now can be purchased by phone or through retail vendors throughout the state because those systems have been deemed safe. State and federal law enforcement agencies are continuing to investigate the hack at Active Network.
State Fish and Wildlife officials say investigators do not believe personal data is at risk for customers who made their first license purchase after June 2006, which makes up 60 percent of the state’s 6.6 million licensed customers.
And while it appears no financial information was revealed, the names, addresses, birth dates, driver license numbers and the last four digits of Social Security numbers may have been exposed. Active Network officials said they will send letters to the people whose personal information might be at risk, and they also will provide data monitoring services for those customers.
It seems that’s the best the company officials can do for now. At least they have been transparent about the breach and how they are handling it.
In our digital age, the threat of hackers getting into computer systems is going to be a constant threat. This latest cyber attack is an example of just how much our online data needs protection.
The Office of Cyber Security is new and just getting going. Perhaps in the future it will be able to offer more protection to third-party sites handling information on behalf of state agencies. In the meantime, however, it is good to know the program is up and running already.