Massive Breach Exposes Hunting and Fishing License Data in Idaho, Oregon, Washington and Kentucky

hunting fishing licenses hacked
Share the knowledge

A massive data breach has occurred following the hacking of the servers belonging to Active Network, which processes online applications for hunting and fishing licenses in Oregon, Idaho, Kentucky, and Washington state. The hacker, calling himself “Mr. High”, claims to have acquired the personally identifiable information (PII) of those who have applied online for a fishing license or a hunting license in those states. Mr. High says that the information for each applicant includes their name, address,their date of birth (DOB), their height, weight, eye color, and the last four digits of their social security number (SSN). Some records also included email addresses and phone numbers.

While Active Network and various state agencies are saying that the data “may have been compromised” ([Page no longer available – we have linked to the version instead]), and “They’ve only been able to confirm that it was possible that personal information was accessed, We do not know yet whether or not that actually occurred, and we may not ever know,” (Idaho, as reported by the Associated Press in the Register Guard), is quoting Mr. High as saying that he accessed 2,435,452 records from Washington (including “Name, DOB, Address, DL#, Last Four Digits of SSN, Height, Weight, and Eye Color. Some have email and/or phone”), 1,195,204 records from Oregon (including “Name, DOB, Address, and DL#. Some have email and/or phone”), 788,064 from Idaho (including “Name, DOB, Address, DL#, Full SSN, Height, Weight, Hair Color, and Eye Color. Some have email and/or phone”), and 2,126,449 from Kentucky (including “Name, DOB, Address, and Last Four Digits of SSN. Some have email and/or phone”).

In addition, says DataBreaches, Mr. High posted on the AlphaBay forum (Alpha Bay is a site on the dark web which people can use to buy, sell, and trade illegal substances and data), claiming that “I just hacked four websites and reported the security holes. Two of these were government websites. All of these websites pertain to one type of activity that requires registering PI. Each website is contained to one state. I got over six million pieces of personal information from these websites. This should make the news. I’ll list the exact websites once the security hole is patched and/or it makes the news.”

In a statement updated on Friday, the [Page no longer available – we have linked to the version instead] said that the breach likely only affected those who had applied for a Washington state hunting or fishing license online prior to June, 2006, although we have been unable to verify that or to find any of the other state agencies saying that. For their part, Active Network has been been silent, and most reports of the incident say that Active Network has not responded to requests.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.