Sensitive records exposed at Washington state licensing agency

The Washington Department of Licensing said late Friday that its system for managing professional business licenses incurred a data exposure last month after “suspicious activity,” potentially affecting more than a quarter-million records.

According to a post on the agency’s blog, officials became aware of suspicious activity on its network during the week of Jan. 24. While an investigation in conjunction with the Washington Office of Cybersecurity was launched, the discovery also lead to the temporary shutdown of the Professional Online Licensing and Regulatory Information System, or POLARIS, the state’s platform used to apply for and renew credentials in 23 fields.

The Seattle Times reported that POLARIS contains records on about 257,000 active licenses, including 40,000 real-estate agents.

But the information that was exposed could be damaging if obtained by malicious actors: The licensing bureau said that exposed records could include Social Security numbers, dates of birth, driver license numbers, and other personally identifying information.

Along with professional credentials, the Department of Licensing is also responsible for issuing driver’s licenses and car and boat registrations. Those records were not affected by the exposure and related systems are still online, the department said. The blog post also read that officials are trying to bring POLARIS “back online as soon as possible,” but did not give a timeline. The agency also opened a call center and is offering an “intent to renew” form for professionals seeking to renew their licenses before the system is restored.

A data breach last year in the Washington State Auditor’s office prompted calls for a governmentwide cybersecurity consolidation.