Posted On February 10, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: Washington State Department of Licensing

February 10, 2022 – Recently, the Washington State Department of Licensing announced it verified suspicious activity involving a database the Department uses to store information pertaining to professional licensing. As a result of the Washington State Department of Licensing data security incident, the personal information of up to a quarter million individuals may have been compromised. Those impacted by this potential data breach should be sure they understand what happened, what their rights are, and how they can pursue them. The data breach lawyers at Console & Associates, P.C. are actively investigating this security breach. If an investigation reveals that the Washington State Department of Licensing failed to ensure the safety of consumer data leading up to the breach, the agency may be liable through a data breach class action lawsuit.

Cyberattacks such as this one are increasingly common in today’s society. Today more than ever, businesses and government agencies store data electronically. While there are certainly many ways to protect against cyberthreats, hackers have ways of identifying vulnerabilities in data security systems, which they can then exploit.

When a hacker breaches a computer system, they can steal sensitive consumer information from the compromised systems. While there is no guarantee that this information will be used for criminal purposes, that is not an uncommon occurrence. Thus, as a matter of course, after an organization experiences a data breach, it will inform anyone whose information was compromised. Despite the risks data breaches present, many consumers fail to take precautionary measures to protect themselves from identity theft and other frauds.

Can Consumers Whose Data Was Leaked Pursue Legal Action?

When you allowed the Washington State Department of Licensing access to your personal data, you trusted the Department to keep your sensitive information safe. However, news of the Washington State Department of Licensing data security incident raises some very serious questions about the government’s data security measures and whether it could have done more to prevent this type of cyber-attack.

Both businesses and government agencies have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.

Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against an organization that misused or mishandled their information. However, the investigation into the Washington State Department of Licensing outage is only in its beginning phases. For that reason, it is too early to tell if the agency was legally responsible for the breach. However, our data breach attorneys are investigating the Washington State Department of Licensing security breach to determine the potential legal remedies of those affected.

If you have questions about your ability to pursue a data breach class action lawsuit against the Washington State Department of Licensing, contact a data breach attorney as soon as possible.

What to Do If You Receive a Data Breach Notification from the Washington State Department of Licensing

The Department of Licensing has yet to confirm whether the data incident resulted in any consumer information being compromised. However, if you receive a data breach notification from the Washington State Department of Licensing in the coming weeks, it means your personal data was among that which was compromised in the recent cyberattack. It also means a cybercriminal had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:

1. 1. Figure Out What Information Was Stolen: Carefully review the data breach letter, keeping in mind the information you provided to the organization as well as the type of data that was compromised in the breach. You should also take a copy of the data breach letter and keep it for your records. Of course, data breach letters are not always easy to understand. A consumer privacy lawyer can help victims of a data breach understand what was compromised and how to protect themselves.
   2. Prevent the Hacker from Accessing Your Accounts: Once you determine the scope of the breach and how it affected you, next you should take all steps to prevent cybercriminals from accessing your credit or financial accounts. For example, you should change all passwords and security questions for your online accounts. You should also consider setting up multi-factor authentication where it is available.
   3. Protect Your Credit and Your Financial Accounts: In the wake of a data breach, organizations usually provide free credit monitoring services for a specified period of time. This is not a gimmick, and you do not give up any rights by taking an organization up on their offer. Additionally, you should contact one of the three main credit bureaus to request a copy of your credit report. Even if you do not notice any signs of fraud or unauthorized activity, it is a good idea to request a fraud alert. Fraud alerts are free and serve as a red flag to potential lenders and creditors that your information was compromised.
   4. Consider a Credit Freeze: A credit freeze prevents access to your credit report unless you specifically authorize it. Credit freezes are free and last until you remove them. While placing a credit freeze on your accounts may initially seem like a drastic measure, according to the Identity Theft Resource Center (“ITRC”), doing so is the “single most effective way to prevent a new credit/financial account from being opened.” However, ITRC reports that just 3% of consumers whose information is leaked place a freeze on their accounts. Once a credit freeze is in place, you can temporarily lift the freeze if you need to apply for any type of credit.
   5. Regularly Monitor Your Credit Report and Financial Accounts: Protecting yourself in the wake of a data breach is not a one-time task. You should continually monitor your credit report and all financial accounts, keeping an eye out for any signs of unauthorized activity or fraud. You may also consider calling your banks and credit card companies to report the fact that your information was compromised in a data breach.

About the Washington State Department of Licensing

The Washington State Department of Licensing (“Washington State DOL”) is the state government agency responsible for licensing motor vehicles, boats, and certain professionals who do business in the state.

The Details of the Washington State DOL Data Breach

According to a notice posted on the DOL website, the Department of Licensing noticed suspicious activity involving professional and occupational license data. In response, the DOL shut down the Professional Online Licensing and Regulatory Information System (POLARIS) to protect the personal information of professional licensees. An investigation into the incident is ongoing, however, the DOL noted that the information contained in the database includes licensees’ Social Security numbers, dates of birth, driver license numbers, and other personally identifying information.

Below is the notice provided on the Washington State Department of Licensing website (the link to the actual page can be found here):

Dear [Consumer],

During the week of Jan. 24, 2022, the Department of Licensing (DOL) became aware of suspicious activity involving professional and occupational license data. We immediately began investigating with the assistance of the Washington Office of Cybersecurity. As a precaution, DOL also shut down the Professional Online Licensing and Regulatory Information System (POLARIS) to protect the personal information of professional licensees.

At this time, we have no indication that any other DOL data was affected, such as driver and vehicle licensing information. All other DOL systems are operating normally.

We are working with the Washington Office of Cybersecurity to protect the licensing data and bring POLARIS back online as soon as possible. With the support and assistance of nationally recognized cybersecurity experts, we are investigating what happened and what data and people may be affected.

The POLARIS system stores information about its license holders and applicants. The type of information varies for different licenses and may include social security numbers, dates of birth, driver license numbers, and other personally identifying information. If our investigation concludes that your personal information has been accessed, DOL will notify you and provide you with further assistance.