Washington Warns of POLARIS Breach
The Washington State Department of Licensing (DOL) has shuttered its Professional Online Licensing and Regulatory Information System (POLARIS) after detecting suspicious activity.
POLARIS stores information about license holders and applicants. The type of information varies for different licenses and may include Social Security numbers, dates of birth, driver license numbers and other personally identifying information (PII).
In a statement posted to its website, the DOL said it became aware of unusual goings involving professional and occupational license data during the week commencing January 24 2022. The decision was taken to shut down POLARIS as a precaution while the activity was investigated.
The department said the Washington Office of Cybersecurity was assisting in the safe recovery of the system and in the investigation to determine whether a data breach had occurred.
“At this time, we have no indication that any other DOL data was affected, such as driver and vehicle licensing information. All other DOL systems are operating normally,” stated the DOL.
It added: “With the support and assistance of nationally recognized cybersecurity experts, we are investigating what happened and what data and people may be affected.”
The department has created an Intent to Renew form to help those professionals who have tried to renew their licenses while POLARIS is down. A call center was set up on February 4 to answer questions by individuals who were impacted by the outage.
DOL has said it will not act against individuals whose license expired while POLARIS was inaccessible.
The department issues over 40 types of licenses. These include driver and vehicle licenses and professional licenses for cosmetologists, real estate brokers, architects, driving instructors and bail bondsmen.
DOL said that the security incident only appeared to potentially impact professional and occupational license data.
“At this time, we are not aware of any suspicious activity involving other DOL systems, such as the driver and vehicle licensing system (DRIVES),” stated the DOL.
“DRIVES is operating normally. We are monitoring all our systems very carefully.”
The department said it will notify any individuals whose personal data was accessed during the incident and provide them with “further assistance.”
More Stories
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google...
Friday Squid Blogging: Sunscreen from Squid Pigments
They’re better for the environment. Blog moderation policy. Read More
Compromising the Secure Boot Process
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than...
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of...
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat...
CrowdStrike Falcon Outage Exploited for Social Engineering
Cyber threat actors are exploiting the CrowdStrike Falcon outage to conduct social engineering attacks. Here's what the CIS CTI team...