Cyber Incident Victim: Washington State Department of Licensing
Date:
Jan 2022
Location:
United States of America
Summary
The Washington Department of Licensing experienced a security breach involving unauthorized access to its POLARIS database, which stores sensitive information for licensed professionals across multiple sectors, including drivers, accountants, lawyers, and others. The compromised data varied by license type but potentially included social security numbers, dates of birth, driver license numbers, and other personally identifiable information, impacting hundreds of thousands of individuals. The agency detected suspicious activity during the incident and is conducting an ongoing investigation to determine the full scope, while planning to notify affected parties.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Washington Department of Licensing (DOL) disclosed a security breach on January 24, 2022, involving unauthorized access to its POLARIS database, an online system storing records for licensed professionals across the state. Suspicious activity was detected during the week of January 24, prompting an immediate investigation by agency officials. The compromised system contained sensitive information for individuals holding various professional licenses, including drivers, accountants, lawyers, bail bonds agents, funeral directors, home inspectors, and notaries. While the precise intrusion method and attacker identity remained under investigation at the time of disclosure, the breach potentially exposed personally identifiable information (PII) for hundreds of thousands of individuals. The DOL did not confirm the exact number of affected individuals in its initial statement but acknowledged the significant scope of the incident. A local Seattle newspaper reported POLARIS stored data for over 257,000 licensed professionals and applications spanning 23 occupational categories, suggesting a widespread impact. The agency emphasized the variability in exposed data types depending on the specific license, indicating some individuals faced greater risks than others based on the information associated with their professional credentials.
Exposed information potentially included social security numbers, dates of birth, driver license numbers, and other personally identifying details, creating substantial risks for identity theft and financial fraud. The timing of the breach, occurring just before the tax-filing season, raised concerns among cybersecurity experts about the potential misuse of stolen data in IRS tax fraud schemes. The DOL committed to notifying all individuals whose data was confirmed as accessed during the incident, though the notification process’s timeline and methodology were not immediately specified. Agency officials stated their investigation remained ongoing to determine the full extent of the breach, the specific data exfiltrated, and the vulnerabilities exploited. The lack of confirmed details regarding the attack vector or responsible actors highlighted the preliminary nature of the response during the initial disclosure phase. Potential consequences for affected individuals included targeted phishing attempts, account takeovers, and fraudulent tax filings leveraging the compromised PII. The incident underscored the risks associated with centralized databases storing diverse types of sensitive information for large populations of licensed professionals.