Washington Department of Fish and Wildlife customers will soon find a letter in their mail about a recent data breach.
The security failure compromised more than 2 million customers, and WDFW officials say they knew the online system had vulnerabilities. The hacker obtained the name, address, date of birth, and driver’s license number of anyone with a profile created prior to July 2006.
Soon after reporting his or her own crime, the hacker began bragging that vendor ActiveOutdoor Networks was hacked before by a “kiddiot,” but the company “didn’t take the time to fix a much more serious error.”
“I’m more angry that he has my customers’ data than I am that he’s bragging about it,” said WDFW Licensing Division Manager Peter Vernie. “I don’t want my customers to be exposed this way.”
Vernie said the state tried for years to find a new software vendor, but budget and other issues stood in the way.
“It was just one more thing on top of the pie we deal with everyday. It wasn’t too surprising but it was disappointing,” said Dan Stauffer, who sells licenses at Ed’s Surplus and Marine in Lynnwood.
Stauffer said the hacker only hurt business a little bit, but he was already fed up.
WDFW admits the system is 10 years old and in need of serious upgrades.
“It’s old, and it’s been obsolete for a number of years, held together with spit, baling wire and string,” Stauffer said.
The state will go live with a new company later this year, but still hasn’t activated online license sales. Letters alerting compromised customers should arrive in the mail as early as Thursday.
“He’s saying he has over 6 million profiles from these three states that he was able to capture, so I think he’s really trying to develop some street cred out there,” Vernie said. “We took this really seriously. I think we took it more seriously than any other incident we’ve seen.”