A massive data breach has occurred following the hacking of the servers belonging to Active Network, which processes online applications for hunting and fishing licenses in Oregon, Idaho, Kentucky, and Washington state. The hacker, calling himself “Mr. High”, claims to have acquired the personally identifiable information (PII) of those who have applied online for a fishing license or a hunting license in those states. Mr. High says that the information for each applicant includes their name, address,their date of birth (DOB), their height, weight, eye color, and the last four digits of their social security number (SSN). Some records also included email addresses and phone numbers.
While Active Network and various state agencies are saying that the data “may have been compromised” ([Page no longer available – we have linked to the archive.org version instead]), and “They’ve only been able to confirm that it was possible that personal information was accessed, We do not know yet whether or not that actually occurred, and we may not ever know,” (Idaho, as reported by the Associated Press in the Register Guard), DataBreaches.net is quoting Mr. High as saying that he accessed 2,435,452 records from Washington (including “Name, DOB, Address, DL#, Last Four Digits of SSN, Height, Weight, and Eye Color. Some have email and/or phone”), 1,195,204 records from Oregon (including “Name, DOB, Address, and DL#. Some have email and/or phone”), 788,064 from Idaho (including “Name, DOB, Address, DL#, Full SSN, Height, Weight, Hair Color, and Eye Color. Some have email and/or phone”), and 2,126,449 from Kentucky (including “Name, DOB, Address, and Last Four Digits of SSN. Some have email and/or phone”).
In addition, says DataBreaches, Mr. High posted on the AlphaBay forum (Alpha Bay is a site on the dark web which people can use to buy, sell, and trade illegal substances and data), claiming that “I just hacked four websites and reported the security holes. Two of these were government websites. All of these websites pertain to one type of activity that requires registering PI. Each website is contained to one state. I got over six million pieces of personal information from these websites. This should make the news. I’ll list the exact websites once the security hole is patched and/or it makes the news.”
In a statement updated on Friday, the [Page no longer available – we have linked to the archive.org version instead] said that the breach likely only affected those who had applied for a Washington state hunting or fishing license online prior to June, 2006, although we have been unable to verify that or to find any of the other state agencies saying that. For their part, Active Network has been been silent, and most reports of the incident say that Active Network has not responded to requests.
|No Paywall Here! |
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
- DatabaseUSA Wins Case against Spamhaus in Matter of DatabaseUSA v. Spamhaus in Federal Court - 8/3/2020
- How to Make Your Mac Back Up to a Specific Drive When Time Machine is Using More than One Drive, Plus Explanation of Consistency Scan - 7/29/2020
- Instacart Denies Data Breach, Blames Customers, as More Than 250,000 Instacart Customer’s PII is for Sale on the Dark Web - 7/28/2020