A data breach of the software company Salesforce has compromised the data of hundreds of thousands of licensed professionals in the state of Washington, some of which may already be circulating on the dark web.
The department of licensing became aware of the breach on Jan. 24, after detecting “chatter” about a state Licensing Department breach on the dark web.
The website catalogs personal data for a wide array of licensed professionals throughout Washington state, including occupations as diverse as auctioneers, tattoo artists, morticians, and geologists, among many others. The data includes names, social security numbers, and other sensitive personal information of immense significance to the identity security of the individuals listed in the database.
The site has been out of service indefinitely since the breach in order to protect the information of those affected.
Recent anecdotes indicate that at least some of the information acquired in the breach may already be available on the dark web.
Three individuals with Washington state business licenses recently received notifications that their personal data had appeared on dark web clearinghouses, where such information is illegally sold to identity thieves.
The first such individual was Pam Hughes, a real estate broker who on Jan. 28 received a notification that her social security number had appeared on the dark web. While this was just the latest of many such notifications, most of which amounted to nothing, Hughes’ alarm was raised by the congruity between the date of the appearance and the date of the breach: Jan. 24 in both cases.
A second individual, Mike Burlingame, also reported receiving a similar notification that his information had appeared on the dark web, along with his wife’s information.
A third individual, whose identity remains unknown, made a report that his/her data appeared on the internet to the Identity Theft Resource Center, according to the center’s chief operating officer James Lee.
The breach was made public on Feb. 3 and is currently under investigation by the state Office of Cybersecurity, the state Attorney General’s office, and the private cybersecurity firm Crowdstrike. As of writing, it is uncertain whether such data was actually stolen or merely exposed to the possibility of theft.
While users are assured that their data is secure in such databases as an official government Licensing Department website, this and other previous breaches of ostensibly secure databases are cause for alarm.
For the licensed professionals of the Evergreen State affected by this most recent breach, this investigation will determine whether they may sleep soundly at night knowing their identity is safe, or whether they are now exposed to an inordinate risk of identity theft.