OutdoorWriter
Long Time Member
- Messages
- 8,288
Hackers have entered the licensing systems in Washington, Idaho and Oregon, possibly gaining access to hunters names, addresses, social security and possibly credit card numbers.
http://wdfw.wa.gov/news/aug2416a/
August 24, 2016
Contact: WDFW contact: Bruce Botka, (360) 902-2262
Office of Cyber Security contact: Andrew Garber, (360) 407-7995
Hunting and fishing license sales suspended
while state agencies investigate system vulnerability
OLYMPIA ? The Washington Department of Fish and Wildlife (WDFW) has temporarily suspended the sale of fishing and hunting licenses while it works with the state Office of Cyber Security (OCS) to investigate a vulnerability in an outside vendor?s license sale system that was recently exploited in several states, including Washington.
The vendor?s vulnerability allowed access to some personal information provided by customers who purchased fishing and hunting licenses. WDFW and OCS are working with the vendor and collaborating with law enforcement, federal agencies, and officials in other states to determine how much information was accessed.
WDFW is working to resume license sales as soon as it can ensure the security of the system. More information will be released as it becomes available.
https://idfg.idaho.gov/press/i...entially-compromised
Idaho Fish and Game Customer Information Potentially Compromised
By Staff Writer
Friday, August 26, 2016 - 5:19 PM MDT
Idaho Fish and Game today learned that personal information for license buyers who began purchasing hunting and fishing licenses and tags prior to 2008 was potentially accessed by a breach of the online computer license sales system owned and operated by Active Network, a Texas-based company.
During a Friday afternoon conference call, Active Network executives told Fish and Game that it cannot confirm whether any personal information was actually taken but that it is possible.
The data breach apparently occurred sometime over the summer. Personal information potentially includes name, age, address, and Social Security Number. Idaho Fish and Game is required by state law to obtain this information to issue a license.
Credit card information is not kept in the Active Network licensing system and Fish and Game is confident it was not accessed.
?This is a serious matter and we encourage all license holders who may potentially be affected to take proactive steps to protect themselves,? Fish and Game Deputy Director Ed Schriever said. ?We apologize to our license buyers and will continue to work with Active Network to get to the bottom of this.?
Active Network notified Idaho Fish and Game of the online breach on August 23. Fish and Game shut down the online portion of the system the next day. Fish and Game requested Active Network hire an independent cybersecurity firm to conduct a review and the company agreed to the request.
The information learned today from Active Network is specific to Idaho.
Who is potentially affected?
Idaho residents and nonresidents who started buying hunting and fishing licenses and tags before 2008. Those who made their first license purchase after 2008 are not at risk.
Was my information stolen?
We won't know. Active Networks can only confirm that it is possible.
What should I do?
Fish and Game recommends license buyers follow the advice of the Idaho Attorney General?s office and monitor their financial accounts and credit history for any signs of suspicious activity (see below).
What has Fish and Game done to protect my information?
Idaho Fish and Game has shut down the online license sales site where the breach occurred and it will remain shut down and will not be brought back up until an independent third party says it is safe to do so.
Can I still buy an Idaho hunting or fishing license and tag?
Yes, they are still available at about 400 businesses statewide and also at Fish and Game offices. The computer terminals used to sell licenses and tags at businesses and Fish and Game offices are separate from the online system.
What if I detect something suspicious with my accounts?
Call your local police department or sheriff?s office and file a report of identity theft. Get a copy of the police report. You may need to give copies of the report to creditors.
Whether any important personal information was obtained in the data breach, it's a good reminder to be vigilant against identity theft. Here?s how:
The Federal Trade Commission has a website to help you learn more about identify theft and prevention at www.consumer.gov/idtheft.
Review your bank, credit card and debit card account statements and immediately report any suspicious activity to your bank, credit union or credit card company.
Monitor your credit reports with major credit reporting agencies such as:
Equifax, www.equifax.com, (800) 685-1111.
Experian, www.experian.com, (888) 397-3742.
Transunion, www.transunion.com, (800) 916-8800.
http://www.dfw.state.or.us/
Effective August 25, 2016 ODFW?s Online Internet Licensing Sales system will be down until further notice.
OREGON SYSTEM HACKED
Oregon officials say they don't think personal information has been compromised by a hacking operation that impacted hunting and fishing license databases in four states.
Online sales of licenses have been suspended in Oregon, Washington, Idaho and Kentucky following claims from an individual that they obtained information such as Social Security numbers, phone numbers and driver?s license information.
Rick Hargrave, spokesman for the Oregon Department of Fish and Wildlife, said the state?s network security team ?didn't find any evidence that personal data was taken or viewed.?
?We?re continuing to be vigilant and continuing to check on the situation, which is why we're keeping the online sales of licenses down until further notice,? he said.
The situation started Tuesday, when a hacker emailed a message to ODFW saying they had breached the personal information of the state website.
After not finding any evidence of a breach, ODFW put the system back on line Wednesday, but took it down again Thursday as precaution, according to the Office of the State CIO.
The hacker, who calls himself ?Mr. High,? claimed to have obtained ?over six million pieces of personal information,? according to the website databreaches.net.
The hacker claimed to have obtained the name, date of birth, address and drivers license numbers of 1.1 million Oregonians, according to the site.
Hargrave said names and addresses are information that could be obtained by anyone. However, he disputed that the hacker accessed personal driver?s license information or date of birth.
?(They) may have been able to view information that is available anyway ? public information,? Hargrave said. ?But we don't believe he could view information like a Social Security number or driver?s license number.?
In Washington and Idaho, the hacker claimed to have other information such as the last four digits of Social Security numbers, phone numbers and a person?s physical characteristics. The website LiveOutdoors.com first reported information about the hacker's claims.
All four states are conducting ongoing investigations into the extent of the breach.
In the meantime, Hargrave said, Oregonians can still purchase licenses at retailers ? such as Fred Meyer or Bi-Mart ? or at Oregon Fish and Wildlife Department offices. In Washington, the Washington Department of Fish and Wildlife is allowing anglers to fish without a license while the agency?s fishing and hunting license sales system is down.
TONY MANDILE
How To Hunt Coues Deer
http://wdfw.wa.gov/news/aug2416a/
August 24, 2016
Contact: WDFW contact: Bruce Botka, (360) 902-2262
Office of Cyber Security contact: Andrew Garber, (360) 407-7995
Hunting and fishing license sales suspended
while state agencies investigate system vulnerability
OLYMPIA ? The Washington Department of Fish and Wildlife (WDFW) has temporarily suspended the sale of fishing and hunting licenses while it works with the state Office of Cyber Security (OCS) to investigate a vulnerability in an outside vendor?s license sale system that was recently exploited in several states, including Washington.
The vendor?s vulnerability allowed access to some personal information provided by customers who purchased fishing and hunting licenses. WDFW and OCS are working with the vendor and collaborating with law enforcement, federal agencies, and officials in other states to determine how much information was accessed.
WDFW is working to resume license sales as soon as it can ensure the security of the system. More information will be released as it becomes available.
https://idfg.idaho.gov/press/i...entially-compromised
Idaho Fish and Game Customer Information Potentially Compromised
By Staff Writer
Friday, August 26, 2016 - 5:19 PM MDT
Idaho Fish and Game today learned that personal information for license buyers who began purchasing hunting and fishing licenses and tags prior to 2008 was potentially accessed by a breach of the online computer license sales system owned and operated by Active Network, a Texas-based company.
During a Friday afternoon conference call, Active Network executives told Fish and Game that it cannot confirm whether any personal information was actually taken but that it is possible.
The data breach apparently occurred sometime over the summer. Personal information potentially includes name, age, address, and Social Security Number. Idaho Fish and Game is required by state law to obtain this information to issue a license.
Credit card information is not kept in the Active Network licensing system and Fish and Game is confident it was not accessed.
?This is a serious matter and we encourage all license holders who may potentially be affected to take proactive steps to protect themselves,? Fish and Game Deputy Director Ed Schriever said. ?We apologize to our license buyers and will continue to work with Active Network to get to the bottom of this.?
Active Network notified Idaho Fish and Game of the online breach on August 23. Fish and Game shut down the online portion of the system the next day. Fish and Game requested Active Network hire an independent cybersecurity firm to conduct a review and the company agreed to the request.
The information learned today from Active Network is specific to Idaho.
Who is potentially affected?
Idaho residents and nonresidents who started buying hunting and fishing licenses and tags before 2008. Those who made their first license purchase after 2008 are not at risk.
Was my information stolen?
We won't know. Active Networks can only confirm that it is possible.
What should I do?
Fish and Game recommends license buyers follow the advice of the Idaho Attorney General?s office and monitor their financial accounts and credit history for any signs of suspicious activity (see below).
What has Fish and Game done to protect my information?
Idaho Fish and Game has shut down the online license sales site where the breach occurred and it will remain shut down and will not be brought back up until an independent third party says it is safe to do so.
Can I still buy an Idaho hunting or fishing license and tag?
Yes, they are still available at about 400 businesses statewide and also at Fish and Game offices. The computer terminals used to sell licenses and tags at businesses and Fish and Game offices are separate from the online system.
What if I detect something suspicious with my accounts?
Call your local police department or sheriff?s office and file a report of identity theft. Get a copy of the police report. You may need to give copies of the report to creditors.
Whether any important personal information was obtained in the data breach, it's a good reminder to be vigilant against identity theft. Here?s how:
The Federal Trade Commission has a website to help you learn more about identify theft and prevention at www.consumer.gov/idtheft.
Review your bank, credit card and debit card account statements and immediately report any suspicious activity to your bank, credit union or credit card company.
Monitor your credit reports with major credit reporting agencies such as:
Equifax, www.equifax.com, (800) 685-1111.
Experian, www.experian.com, (888) 397-3742.
Transunion, www.transunion.com, (800) 916-8800.
http://www.dfw.state.or.us/
Effective August 25, 2016 ODFW?s Online Internet Licensing Sales system will be down until further notice.
OREGON SYSTEM HACKED
Oregon officials say they don't think personal information has been compromised by a hacking operation that impacted hunting and fishing license databases in four states.
Online sales of licenses have been suspended in Oregon, Washington, Idaho and Kentucky following claims from an individual that they obtained information such as Social Security numbers, phone numbers and driver?s license information.
Rick Hargrave, spokesman for the Oregon Department of Fish and Wildlife, said the state?s network security team ?didn't find any evidence that personal data was taken or viewed.?
?We?re continuing to be vigilant and continuing to check on the situation, which is why we're keeping the online sales of licenses down until further notice,? he said.
The situation started Tuesday, when a hacker emailed a message to ODFW saying they had breached the personal information of the state website.
After not finding any evidence of a breach, ODFW put the system back on line Wednesday, but took it down again Thursday as precaution, according to the Office of the State CIO.
The hacker, who calls himself ?Mr. High,? claimed to have obtained ?over six million pieces of personal information,? according to the website databreaches.net.
The hacker claimed to have obtained the name, date of birth, address and drivers license numbers of 1.1 million Oregonians, according to the site.
Hargrave said names and addresses are information that could be obtained by anyone. However, he disputed that the hacker accessed personal driver?s license information or date of birth.
?(They) may have been able to view information that is available anyway ? public information,? Hargrave said. ?But we don't believe he could view information like a Social Security number or driver?s license number.?
In Washington and Idaho, the hacker claimed to have other information such as the last four digits of Social Security numbers, phone numbers and a person?s physical characteristics. The website LiveOutdoors.com first reported information about the hacker's claims.
All four states are conducting ongoing investigations into the extent of the breach.
In the meantime, Hargrave said, Oregonians can still purchase licenses at retailers ? such as Fred Meyer or Bi-Mart ? or at Oregon Fish and Wildlife Department offices. In Washington, the Washington Department of Fish and Wildlife is allowing anglers to fish without a license while the agency?s fishing and hunting license sales system is down.
TONY MANDILE
How To Hunt Coues Deer