The personal information of more than a quarter of a million licensed professionals may have been exposed in a breach of a Washington State Licensing Department database, agency officials said Friday.
The agency, which licenses around 40 categories of businesses and professionals – ranging from auctioneers and private investigators to tattoo artists and real estate agents – said it had temporarily shut down its online licensing system, known as POLARIS, early last week after learning of “suspicious activity involving business and professional license data,” according to a spokesperson and a statement published Thursday on the agency’s website.
Data stored on POLARIS “may include social security numbers, dates of birth, driver’s license numbers, and other personally identifying information,” but the agency doesn’t yet know if that data was actually accessed or how many people may have been affected, agency spokeswoman Christine Anthony said in a statement Friday.
There was also “no indication” that the incident affected other agency data, “such as driver and vehicle license information,” agency officials said, adding that all other Licensing Department systems were functioning normally.
Anthony said the agency was working with the state Office of Cybersecurity “to fully understand the scope of the incident and take any other appropriate actions” and “will release more information when we know more.”
In particular, investigators have yet to determine whether the personal data was actually deleted by hackers or was simply exposed, said Sen. Reuven Carlyle, D-Seattle, chairman of the Environment, Energy and Technology Committee, which was briefed by the agency earlier this week.
The investigation will determine “whether the data was accessible and whether it was accessed and if so, to what extent,” Carlyle said. Until then, he said, “we just don’t have an answer on that.”
Meanwhile, the shutdown of the POLARIS system is causing problems for some professionals and companies who must apply for, renew or modify their license.
The disruption comes at a busy time for realtors, appraisers and home inspectors as the state’s real estate market begins to recover from its typical winter downturn.
None of the state’s nearly 3,000 real estate appraisers have been able to review their licenses and apprentices can’t request a test, said Bob Mossuto Jr., a licensed appraiser and current president of the Appraisers’ Coalition of Washington (though he was speaking only for himself).
Appraisers also can’t check to see if an appraisal management company is licensed in the state to make sure it’s not appraising for unlicensed businesses, Mossuto said.
Steve Francks, CEO of Washington Realtors, said its members know the department is trying to “resolve this issue and restore online services” as quickly as possible, but added that there is “frustration with the lack of communication … regarding a firm plan to resolve these issues.”
“It’s frustrating that they didn’t notify potential victims sooner,” noted a Seattle Times reader, adding that the POLARIS system appeared to be “under maintenance for over a week before sending an email yesterday about the potential breach.”
Security officials reportedly sounded the alarm about a possible breach after detecting “chatter” about the Licensing Department on the “dark web,” Carlyle said, referring to a part of the online world where users can hide their identity with special technology and where personal data stolen during data breaches is bought and sold.
Criminals often use stolen personal data to commit impostor fraud, such as filing false tax returns or applying for unemployment benefits, as happened in Washington in 2020.
Out of an “excess of caution, [the Department of Licensing] closed access to [the POLARIS] system once they picked up signals on the dark web,” Carlyle said on Friday. Anyone trying to access POLARIS received a notification that it was temporarily unavailable.
The size of the breach is still unclear. Data from 23 state-licensed professions and businesses are processed through POLARIS, Anthony said.
Within those 23 categories, which also include bail bondsmen, funeral directors, building inspectors and notaries, the agency has approximately 257,000 active licenses in its system, Anthony said, adding that “there are probably more records that can be identified when conducting our investigation.”
But how many of those licensees were affected has not been determined, Anthony said.
Investigators are also still trying to determine the location of the breach — whether it was an issue internal to the Licensing Department, for example, or with a vendor or other third party, Carlyle said.
“They’re not ready to come to a conclusion about where in the ‘ecosystem’ there was a weakness,” Carlyle said.
The Licensing Department opened a call center on Friday to handle questions about the incident – 855-568-2052 – but the agency said the center will have limited capacity until Monday.