[BreachExchange] Potential data breach exposed in state’s travel exemption request system

[Destry Winant]

https://www.hawaiinewsnow.com/2020/10/10/potential-data-breach-exposed-states-travel-exemption-request-system/

HONOLULU, Hawaii (HawaiiNewsNow) - The state is investigating a
potential breach of data within one of their systems tied to the
Attorney General’s office.

Nearly 150 individuals who applied for a travel exemption through the
state Attorney General’s website were notified Friday about the
potential breach.

It impacts applicants between Sept. 18 and Sept. 21.

In the email notice, officials say during that time, the system could
have been exploited to allow users to access the personal information
of other applicants. This information is believed to have exposed
names, phone numbers, and copies of state IDs.

It’s unclear however if any information was in fact compromised, but
the system has reportedly been fixed.

“The State reviewed how the application accesses data in the database
and will continue monitoring the application and look at ways to
further safeguard usersʻ information,” the notification sent out said.

Officials tell Hawaii News Now, the over two-week delay between the
system fix and notifying those who were potentially impacted was not
unreasonable and within legal requirements.

Those who were notified about the potential breach were urged to
contact the Attorney General’s office at hawaiiag at hawaii.gov if they
have further questions or concerns.