License vendor to notify WDFW customers whose personal infor

Announcements about new WL offerings, contests, problems and other related items. Fishing Clubs post your announcements here.
Post Reply
User avatar
Larry3215
Admiral
Posts: 1804
Joined: Thu Aug 02, 2012 7:02 pm

License vendor to notify WDFW customers whose personal infor

Post by Larry3215 » Fri Sep 02, 2016 6:35 pm

WDFW NEWS RELEASE
Washington Department of Fish and Wildlife
600 Capitol Way North, Olympia, WA 98501-1091
http://wdfw.wa.gov/" onclick="window.open(this.href);return false;

Sept. 2, 2016

Contacts: WDFW licensing customer service: 360-902-2464;
Ellie Rutland, LEVICK for ACTIVE Network, 301-367-3441;
Bruce Botka, WDFW Public Affairs, 360-902-2262 or 360-902-2250

License vendor to notify WDFW customers whose personal information may have been compromised in data breach

OLYMPIA – Buyers of Washington state hunting and fishing licenses whose personal information may have been compromised by a data breach will be notified and will receive identity protection services, officials of the Washington Department of Fish and Wildlife (WDFW) said today.

ACTIVE Network, the department's online hunting and fishing license sales vendor, has agreed to mail information as soon as possible to an estimated 1.5 million WDFW customers who created "customer profiles" in the license system before July 2006, said Peter Vernie, WDFW Licensing Division manager.

Personal information for approximately 2.4 million license buyers may have been compromised in the breach, but fewer people will be notified, WDFW officials said. For example, some former customers have died while others' profiles do not include enough information to enable the vendor to contact them.

Vernie said ACTIVE Network also has agreed to provide a customer call center and identity protection services to those whose data was potentially compromised. Details of those services will be provided in the notification letters, according to ACTIVE.

About two weeks ago, fish and wildlife agencies in Washington, Idaho, and Oregon, received messages from a person who claimed to have accessed customer data in the three states' systems, which are all operated by ACTIVE Network.

Investigation by WDFW, the state Office of Cyber Security (OCS), and federal law enforcement agencies, in collaboration with ACTIVE, confirmed that Washington's system vulnerability had been exploited to access personal information provided by customers who bought licenses before mid-2006. Information added to those accounts since then is also vulnerable, investigators reported.

Vulnerable information for Washington customers includes names, addresses, dates of birth, and the last four digits of their Social Security numbers. Some customers' driver's license numbers also were accessed, but there is no indication that credit card or other financial data was exposed, WDFW officials said.

At this time, investigators do not believe personal data is at risk for customers who made their first license purchase after June 2006. About 60 percent of WDFW's 6.6 million license customers fall into this category.

A statement today from ACTIVE Network said within 15 hours of learning of the incident, the vendor conducted a "full security sweep" of the system and released an update designed to address the reported threat. The company said it also arranged for a review by an independent, highly regarded cybersecurity firm.

WDFW halted online license sales on Aug. 22 and suspended all license transactions the following day, while information technology specialists investigated the incident and the system's security.

The department restored sales through its network of about 600 retail vendors on Saturday, Aug. 27, and resumed telephone sales through its customer service center on Monday, Aug. 29. In both cases, OCS, WDFW, and external IT specialists tested the systems repeatedly to ensure their security. Vendor and telephone sales account for more than 80 percent of total license sales.

The investigation into the data breach is ongoing, and online license sales remain suspended. Additional information, including advice for people who are concerned about the security of their personal data, is available on WDFW's website at http://wdfw.wa.gov/licensing/wild_system/" onclick="window.open(this.href);return false;


Persons with disabilities who need to receive this information in an alternative format or who need reasonable accommodations to participate in WDFW-sponsored public meetings or other activities may contact Dolores Noyes by phone (360-902-2349), TTY (360-902-2207), or email (dolores.noyes@dfw.wa.gov). For more information, see http://wdfw.wa.gov/accessibility/reason ... quest.html" onclick="window.open(this.href);return false;.


--------------------------------------------------------------------------------
Top
User avatar
Mike Carey
Owner/Editor
Owner/Editor
Posts: 7689
Joined: Sun Apr 01, 2007 10:56 am
Location: Redmond, WA
Contact:
Contact Mike Carey

Re: License vendor to notify WDFW customers whose personal i

Post by Mike Carey » Sat Sep 03, 2016 8:07 am

thanks for posting this notice.
Image

"Takers get the honey, Givers sing the blues".
Top
Post Reply

Return to “Announcements and Fishing/Club Notices”