Friday, September 30, 2016

Ore, Wa, Idaho Hunting And Fishing License Application Database Breached

I just got a notice in the mail informing me of this.

Wonderful.

So I went online and did a search to make sure it's legit and sure as shit, here it is.
I am going to copy and paste this article in it's entirety, with credit and acknowledgement to the author and site I got it from as a Public Service Announcement to try and make as many people who may be affected as possible aware of the situation.

Active Outdoors letters warn of breach in hunting, fishing license database



Officials are scrambling today to quell fears that the Social Security numbers of about a million Oregonians may have been stolen by a computer hacker named "Mr. High" in a data breach of the company used by Oregon, Washington and Idaho to sell hunting and fishing licenses.
The Texas-based license vendor, Active Outdoors, has sent form letters warning residents that some of their private information may have been stolen in an Aug. 22 data breach in which a hacker may have gained access to online information prior to July 2007.
Some Oregonians are receiving letters stating correctly that the personal information could include their name, birth date, address and driver's license number — all public record in Oregon and recorded during license purchases.
Others have received a form letter that includes reference to the possible hacking of their Social Security numbers, which were collected by fish and wildlife agencies across the country since 2000 to help track down dead-beat dads.
Both letters state that Active Outdoors will pay for two years of "identity repair and restoration" through a company called AllClear ID, and provides a telephone number to inquire about signing up.
While the Oregon Department of Fish and Wildlife did collect Social Security numbers during license holders' first purchase as required by state and federal law, that information was not part of the Active Outdoors' data collection, ODFW spokesman Richard Hargrave said.
"We know for a fact that Social Security numbers for Oregon licenses were not hacked," Hargrave said. "For Oregon, that's simply not the case."
Only the name, address and birth date were available from those who bought online licenses between 2003 and July 2007, Hargrave said. Prior to 2003, licenses were tracked by driver's licenses, so driver's license numbers from those buyers could have been hacked, he said.
Hargrave said ODFW offices have been bombarded with inquiries on whether the letter was legit and questions about why they have to provide AllClear ID with their Social Security numbers, which are needed to track credit activity.
"I'm sure it's a little unnerving for somebody who got that letter," Hargrave said. "People are doing their due diligence, and I understand that."
Concerns are even higher in Idaho, where Active Outdoors notified hunters and anglers that their Social Security numbers may have been accessed during the data breach, which federal officials say puts them at risk of future identity theft and tax fraud if the information did fall into cyber-thieves' hands.
They are flooding the Idaho Department of Fish and Game with inquiries about the letter's legitimacy and how to proceed, IDFG spokesman Mike Keckler said.
"I have received one of the letters, and I personally intend to sign up for it," Keckler said.
The only Oregonians who may have had their Social Security numbers accessed via the hack are those who bought Idaho hunting or fishing licenses online before July 2007, Hargrave said.
Active Outdoors spokesman Bryant Madden confirmed the authenticity of the letters and said the firm sent letters with the Social Security number reference to Oregonians who bought Idaho hunting/fishing licenses prior to July 2007.
This differs from Oregon and Washington licenses, in which Social Security information was not involved, so some Oregonians could be in one or both groups, Madden said.
The Active Outdoors letters confirm claims that the alleged hacker, who called himself "Mr. High," made to the Mail Tribune through access to a chat room that he and others used to discuss the hack before and after Aug. 22.
The Active Outdoors letters, however, make no reference to "Mr. High," whom the Mail Tribune contacted through the email address the hacker used to notify Active Outdoors and ODFW about the breach.
In chat posts, Mr. High claimed to have taken only names, birth dates, addresses and driver's license numbers but not even partial Social Security numbers from 1,195,204 Oregon licensees. He also claimed to have full Social Security numbers from 788,064 Idaho licenses, along with other details, and partial Social Security numbers from 2.4 million Washington license holders.
Mr. High claimed in the posts to have notified the agencies as well as Active Outdoors and the FBI of the leaks in the computer systems so the agencies could patch the holes and render his stolen data more lucrative if sold.
Internal Revenue Service officials say the most prevalent form of identity theft is using someone's Social Security number to file false tax returns and garner bogus refunds before the victim files his or her own returns. More than 90 percent of these cases are reportedly weeded out by the IRS when they receive the fake returns.
Hargrave said there is no evidence to date that the reportedly hacked information has been used in any way.
Reach Mail Tribune reporter Mark Freeman at 541-776-4470 or mfreeman@mailtribune.com. Follow him on Twitter at www.twitter.com/MTwriterFreeman.

1 comment:

Anonymous said...

no decent firewall or vendor password system in most government machines

Wildflower

Fair Use Notice

Fair Use Statement: This site may contain copyrighted material, the use of which may not have been authorized by the copyright owner. I am making such material available in an effort to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. I believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: “http://www.law.cornell.edu/uscode/17/107.shtml” If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.