Over on Sound Politics, Mark Griswold writes:
While perusing the PDC’s website this morning I came across a major security breach. For obvious reasons I’m not going to post the information I have and like a good citizen I’ve reported it to the PDC. In short though, I am now in possession of the names, Filer IDs, passwords, password hints and answers for every registered lobbyist in Washington State. It’s a good thing they don’t have access to our social security numbers.
UPDATE: Problem solved. At least it was only accessible for about an hour.
PDC refers to Washington State’s Public Disclosure Commission. I contacted them about the incident and a spokesperson responded:
I am responding to your e-mail sent to the PDC yesterday that asked about a security breach. Less than 50%, or approximately 400, of the current registered lobbyists in the state have e-filing accounts. The report was first viewed on Saturday, September 19, and we disabled the passwords the following Monday when we learned that the report had been accessed externally. We believe the breach was caused by someone typing a partial URL into their Internet browser and then being supplied possible choices by the browser’s “Autocomplete Suggestion” feature. We have taken corrective steps to ensure this cannot happen again.
In follow-up correspondence, the spokesperson indicated that passwords were changed yesterday and that everyone was notified of the change and why.