The Washington State Department of Licensing (DOL) reported a suspected breach of its online licensing system shortly after detecting suspicious activity.
The breach, which occurred on January 24, could have exposed personal information relating to potentially millions of licensed professionals.
As a precautionary measure, the DOL shut down the Professional Online Licensing and Regulatory Information System (POLARIS).
Vulnerability and patch management
Keep known vulnerabilities out of your IT infrastructure
The POLARIS system stores information on license holders and applicants. Besides processing, issuing and renewing professional and occupational license applications, the system accepts public complaints against license holders.
Depending on the type of license, its database may include social security numbers, dates of birth, and driver license numbers, among other personally-identifying information.
A DOL investigation is underway to determine whether POLARIS data was accessed and how many individuals may have been affected.
“At this time, we have no indication that any other DOL data was affected, such as driver and vehicle licensing information. All other DOL systems are operating normally,” DOL wrote in a blog post.
“We are working with the Office of Cybersecurity to protect the licensing data and bring POLARIS back online as soon as possible. With the support and assistance of nationally recognized cyber security experts, we are investigating what happened and what data and people may be affected.”
In addition, the agency said it would directly notify victims if their personal information had been accessed and provide further assistance. A hotline for questions was also launched by the DOL on Friday, February 4.
