Washington Warns of POLARIS Breach
The Washington State Department of Licensing (DOL) has shuttered its Professional Online Licensing and Regulatory Information System (POLARIS) after detecting suspicious activity.
POLARIS stores information about license holders and applicants. The type of information varies for different licenses and may include Social Security numbers, dates of birth, driver license numbers and other personally identifying information (PII).
In a statement posted to its website, the DOL said it became aware of unusual goings involving professional and occupational license data during the week commencing January 24 2022. The decision was taken to shut down POLARIS as a precaution while the activity was investigated.
The department said the Washington Office of Cybersecurity was assisting in the safe recovery of the system and in the investigation to determine whether a data breach had occurred.
“At this time, we have no indication that any other DOL data was affected, such as driver and vehicle licensing information. All other DOL systems are operating normally,” stated the DOL.
It added: “With the support and assistance of nationally recognized cybersecurity experts, we are investigating what happened and what data and people may be affected.”
The department has created an Intent to Renew form to help those professionals who have tried to renew their licenses while POLARIS is down. A call center was set up on February 4 to answer questions by individuals who were impacted by the outage.
DOL has said it will not act against individuals whose license expired while POLARIS was inaccessible.
The department issues over 40 types of licenses. These include driver and vehicle licenses and professional licenses for cosmetologists, real estate brokers, architects, driving instructors and bail bondsmen.
DOL said that the security incident only appeared to potentially impact professional and occupational license data.
“At this time, we are not aware of any suspicious activity involving other DOL systems, such as the driver and vehicle licensing system (DRIVES),” stated the DOL.
“DRIVES is operating normally. We are monitoring all our systems very carefully.”
The department said it will notify any individuals whose personal data was accessed during the incident and provide them with “further assistance.”