Data Breach Happened As Washington Was Trying To Move To New Vendor
The company involved in a data breach involving Northwest fish and game licenses is a vendor the state of Washington has been trying to part ways with for years.
Texas-based Active Network Outdoors calls itself the leading provider of central reservations and licensing systems to U.S. states. Washington’s Department of Fish and Wildlife first contracted with the company in 2005 when it had a different name and was based in Missouri.
In 2011, Fish and Wildlife contracted with a new vendor which failed to deliver. The agency was forced to stick with Active Network while it went out to bid again for a replacement system. Washington’s new hunting and fishing online portal is supposed to be ready this December.
The hack affects more than 2 million current and former license holders in Washington whose information may have been compromised. In a statement, Active Network says the threat was isolated and security patches have been installed.
The information that was compromised could include names, addresses and the last four digits of Social Security numbers. Washington Fish and Wildlife said Active Network recently passed an IT risk assessment.
The state has resumed in-store and over-the-phone sales of hunting and fishing licenses. But online sales of licenses remain suspended in Washington, Oregon and Idaho.
Full statement from Active Network:
On August 22, we became aware that we were the victim of an unauthorized and unlawful attempt to access our online hunting and fishing licensing applications in Idaho, Oregon, and Washington. All indications are that this potential threat was isolated. Consistent with our long-standing and comprehensive security procedures, our team took immediate action. Within 15 hours, we conducted a full security sweep and tested and released an update to the three applications to address the reported threat. As an additional protective measure, we have engaged a top-tier cybersecurity firm to conduct a review.
Protecting customer information has always been our highest priority. It is important to note that we have not received any reports of misuse of personal information related to this reported threat.
Our applications remain operational and we are committed to working with our state customers and law enforcement to assist in their own investigations of this matter.