The latest government data breach came from (wait for it...) fishing licenses

While it’s painful to admit, incidents of data hacking which expose personal data entrusted to the government are so common these days as to barely merit a headline. There’s been yet another breach this year and it’s not one which is likely to make a big splash in the media unless you happen to be an avid fisherman. In three northwestern states, the issuing of new fishing licenses had to be suspended recently because hackers attempted to access the database of information on anglers. How much – if any – data they obtained is not yet known, but there’s enough information in those files to have consumers worried. (AT&T Live News)

A breach in a vendor’s system that processes online sales of hunting and fishing licenses in Idaho, Oregon and Washington state exposed several million records containing buyers’ personal information, officials said Friday.

The U.S. Department of Homeland Security and FBI are investigating the hack into Dallas-based Active Network, the Washington State Office of Cyber Security said in a statement. Washington halted all sales earlier this week, allowing anglers to fish license-free, while Idaho and Oregon have stopped only online sales…

Active Network, whose event and activity management software is used by tens of thousands of event organizers nationwide, including marathons and other races, said the potential threat was isolated to fishing and hunting licensing systems in the three states.

The data which was potentially exposed might not be as serious for consumers as a credit card or tax database being breached, but it was nothing to sneeze at either. The system included the names, addresses, driver’s license numbers, dates of birth and the last four digits of Social Security numbers of license holders. For any clever identity thieves, that’s a very solid starting point (particularly when combined with other discoveries) to build up a profile and hack into somebody’s accounts. When you consider the inclusion of home addresses tied to real names it’s also a treasure trove for stalkers.

What interests me most about this story is the fact that it highlights the intersection between the government and private enterprises when it comes to citizens’ data. Most licenses (drivers being the most common example) are handled through a government office and on government run computer systems such as in the DMV. They’re hardly perfect and have been breached before, but at least the systems are under one central umbrella of responsibility and the workers entering the data are employees of the state with at least some background checks required to gain access.

Hunting and fishing licenses are different. In many states, including my home fishing grounds of New York, licenses are handled at any number of sporting goods outlets, hardware stores or other retailers large and small. The place I go for mine nearly every year is a tiny, family operated general goods store in a hamlet in the Adirondack Mountains with a population of less than 250. When you ask for your license you are equally likely to be waited on by the grandmother in her seventies or the teenage daughters who are taking care of the task in between runs out behind the building to argue with the kid who collects night crawlers in cups to sell as bait. And these are the folks who are collecting private data to enter into a government database.

How many other partnerships link personal data required by the government with private entities sporting dubious security pedigrees? One relative of mine has worked for several years as a data entry clerk through a temp agency which supplies workers to a sub-contractor who handles tax information for one of the largest investment banking firms on Wall Street. To be clear, these workers have to pass a security clearance check and there are safeguards in place regarding bringing cameras and phones into the workplace so it’s not exactly the wild west in terms of data hacking. But we’re talking about minimum wage employees who get no benefits as “temp” workers and who are mostly marking time while looking for a “real job.” And they are reading and handling the tax and income information of people from across the nation, as well as their retirement savings account numbers. It doesn’t inspire confidence.

The battle against data hacking will be with us for as long as there are computers, but if the government is going to get serious about protecting our data it may have to start with a fresh look at who gets to control the entry of this information. If we’re going to outsource those jobs to non-government workers we clearly can’t be so casual about who is doing this work.