Washington Warns of POLARIS Breach
The Washington State Department of Licensing (DOL) has shuttered its Professional Online Licensing and Regulatory Information System (POLARIS) after detecting suspicious activity.
POLARIS stores information about license holders and applicants. The type of information varies for different licenses and may include Social Security numbers, dates of birth, driver license numbers and other personally identifying information (PII).
In a statement posted to its website, the DOL said it became aware of unusual goings involving professional and occupational license data during the week commencing January 24 2022. The decision was taken to shut down POLARIS as a precaution while the activity was investigated.
The department said the Washington Office of Cybersecurity was assisting in the safe recovery of the system and in the investigation to determine whether a data breach had occurred.
“At this time, we have no indication that any other DOL data was affected, such as driver and vehicle licensing information. All other DOL systems are operating normally,” stated the DOL.
It added: “With the support and assistance of nationally recognized cybersecurity experts, we are investigating what happened and what data and people may be affected.”
The department has created an Intent to Renew form to help those professionals who have tried to renew their licenses while POLARIS is down. A call center was set up on February 4 to answer questions by individuals who were impacted by the outage.
DOL has said it will not act against individuals whose license expired while POLARIS was inaccessible.
The department issues over 40 types of licenses. These include driver and vehicle licenses and professional licenses for cosmetologists, real estate brokers, architects, driving instructors and bail bondsmen.
DOL said that the security incident only appeared to potentially impact professional and occupational license data.
“At this time, we are not aware of any suspicious activity involving other DOL systems, such as the driver and vehicle licensing system (DRIVES),” stated the DOL.
“DRIVES is operating normally. We are monitoring all our systems very carefully.”
The department said it will notify any individuals whose personal data was accessed during the incident and provide them with “further assistance.”
More Stories
ForgeRock, Double Secret Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
Mispadu Trojan Steals 90,000+ Banking Credentials From Latin American Victims
These included a number of government websites: 105 in Chile, 431 in Mexico and 265 in Peru Read More
KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps
Microsoft said it saw between 40 and 60 daily attacks in February Read More
BreachForums Admin Arrested in New York
Conor Brian Fitzpatrick of Peekskill was apprehended last Wednesday following an FBI investigation Read More
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP)...