Cyber Incident Victim: Ag Hawaii

In October 2020, Hawaii authorities disclosed a potential data breach affecting the state’s travel exemption request system managed by the Attorney General’s office. On October 9, 2020, the state notified approximately 150 individuals who had submitted travel exemption applications between September 18 and September 21, 2020, about the exposure of their personal information. The breach was publicly reported on October 11, 2020, though the specific date of initial detection or system compromise was not detailed in available sources. The incident prompted an immediate investigation by state officials to assess the nature and extent of the data exposure. No technical details regarding the breach mechanism—such as unauthorized access methods, malware involvement, or system vulnerabilities—were disclosed in initial reports. The Attorney General’s office did not confirm whether data was exfiltrated or merely exposed internally.

The breach exclusively impacted applicants who used the online travel exemption portal during the three-day window in mid-September 2020. Authorities did not specify the types of data potentially compromised, though travel exemption systems typically collect identifiers such as names, contact details, travel itineraries, and justification documents. No evidence suggested broader dissemination of the data beyond the initial exposure. The state’s response focused on regulatory compliance, including mandatory breach notifications to affected individuals under Hawaii’s data breach laws. As of the last reported update, the investigation remained ongoing, with no public conclusions regarding root causes, threat actors, or corrective measures implemented. Hawaii News Now initially broke the story, but subsequent updates on remediation efforts or final findings were not documented in the provided source material.