The Washington State Department of Licensing reported a cyber incident last week that may have exposed the sensitive information of more than 250,000 professionals in the state.
The agency said in a statement that it "became aware of suspicious activity involving professional and occupational license data" during the week of January 24.
The Professional Online Licensing and Regulatory Information System (POLARIS) system that was affected stores information ranging from social security numbers, dates of birth and driver license numbers to other personally identifying information.
"We immediately began investigating with the assistance of the Washington Office of Cybersecurity. As a precaution, DOL also shut down the Professional Online Licensing and Regulatory Information System (POLARIS) to protect the personal information of professional licensees. At this time, we have no indication that any other DOL data was affected, such as driver and vehicle licensing information. All other DOL systems are operating normally," the agency said.
"If our investigation concludes that your personal information has been accessed, DOL will notify you and provide you with further assistance."
State Sen. Reuven Carlyle told The Seattle Times that he has been briefed on the issue, with the agency telling him that the Office of Cybersecurity became concerned after someone on the dark web claimed to have accessed the data. By the afternoon of January 24, the agency decided to shut down the licensing system entirely.
The agency said it is working with the state's Office of Cybersecurity to protect the licensing data and bring POLARIS back online. The department issues licenses for 39 types of businesses and professions, including cosmetology, real estate brokers, bail bondsmen, architects and more. The licenses are processed, issued and renewed in POLARIS.
A call center has been created for businesses trying to renew their licenses and the agency said it will not fine companies trying to renew their license during the outage.
The state Attorney General's Office keeps a running tally of the data breaches exposing information from citizens of the state. The website shows that in the attacks reported in 2022, more than 21,500 Washingtonians have been affected.