[BreachExchange] Massive data breach exposes over 16, 000 concealed weapons permit holders in Florida

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 23 19:03:55 EDT 2017


Florida officials said hackers may have stolen the names of over 16,000
people who have concealed weapon permits in the state. The Florida
Department of Agriculture and Consumer Services revealed on Monday (22 May)
that the breach occurred through its online payment system, which processes
payments for customers' permits and other applications.

The department said people with concealed weapon licences in the state who
renewed online may have had their names stolen in the attack. The breach
may have also revealed the social security numbers of 469 customers as
well, FDACS said.

Spokesperson Jenn Meale told Tampa Bay Times that the breach, believed to
have taken place two weeks ago, was discovered by the agency less than 24
hours after it occurred. The agency said the breach is believed to have
originated overseas.

Meale added FDACS was "able to identify it quickly and shut the system

"Other information possibly accessed per the data breach is all public
information and poses no risk of identity theft," the department said in a
statement, noting that no financial information was accessed in the breach.

"The department takes cybersecurity seriously and acted quickly to mitigate
the effects of this breach. The privacy of the department's customers is a
top priority and will remain so."

The department did not reveal how the hacker gained access to the system or
name any suspected perpetrators behind the cyberattack.

People affected by the attack have been notified, the department said. The
nearly 500 people whose Social Security numbers have been compromised have
been offered free credit monitoring and fraud alert for one year.

Agriculture Commissioner Adam Putnam, who is running for governor in 2018,
has ordered a review of the department's cybersecurity measures. Florida
state law enforcement are currently investigating the data breach.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170523/1f80e84c/attachment.html>

More information about the BreachExchange mailing list