DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Vendor to offer protection to those affected by fishing and hunting licenses hack

Posted on September 18, 2016 by Dissent

Well, from reading news coverage, I knew this was coming, but here’s the official announcement: ACTIVEOutdoors, the vendor involved in the hack of several states’ hunting and fishing license sites, will be offering two years of credit monitoring services to people in three states. Here is their announcement:

ACTIVEOutdoors announced today that on August 22, 2016, it became aware that it was the victim of an unauthorized and unlawful access to certain information in the state online hunting and fishing applications that ACTIVEOutdoors operates on behalf of the states of Idaho, Oregon, and Washington. The ACTIVEOutdoors team immediately began an investigation in coordination with the impacted states, and within a few hours had released an update to those applications to address the reported threat.

As an additional protective measure, ACTIVEOutdoors engaged a top-tier cybersecurity firm to conduct an independent review. That review confirmed that the incident was successfully addressed and was isolated to those three states with respect to hunting and fishing accounts that were created prior to July 2006 for Washington customers, and July 2007 for Idaho and Oregon customers. Importantly, no credit card or financial information was involved, and ACTIVEOutdoors is not aware of any fraud associated with this incident. No other system or property of ACTIVEOutdoors or its related businesses were impacted by this incident.

For persons who applied for or purchased hunting and fishing licenses in the impacted states during this timeframe, it has been determined that name, address, date of birth, and driver’s license number were potentially accessed for Oregon and Washington customers. Additionally, full Social Security numbers may have been accessed for customers who applied for or purchased Idaho hunting and fishing licenses prior to July 2007.

ACTIVEOutdoors is committed to working with the state agencies and law enforcement in their ongoing investigation of the incident.

Letters to those potentially impacted by the incident will be mailed beginning on Monday September 19, 2016. These letters include an explanation of the incident, an offer of two years of free identity protection and restoration services, and information about additional ways impacted individuals can protect themselves.

Consumers should note that under no circumstances will ACTIVEOutdoors or the three impacted states call you or send you a message and ask for your personal information in connection with this incident. You should not provide personal information to anyone who calls you or sends you a message about this incident.

To Learn More

ACTIVEOutdoors has established a website, which will be available starting on Monday September 19, 2016 at 9am CDT, where people can check to see whether their information was potentially impacted, receive instructions on how to access identity protection and restoration services, and receive tips to protect against identity theft. The website address is https://activeoutdoors.allclearid.com.

Category: Government SectorHackSubcontractorU.S.

Post navigation

← Personal Information of La Joya ISD Teachers Accidentally Released
Texas Doctor Resentenced to Prison Following Appeal →

5 thoughts on “Vendor to offer protection to those affected by fishing and hunting licenses hack”

  1. Regret says:
    September 18, 2016 at 10:57 am

    Would be nice if breaches like this boosted grassroots support for an alternative solution to SSNs for identification purposes. At this point, may be easier to come up with a more secure system for Social Security and tax purposes (perhaps including 2FA) and leave the old SSNs out there as an non-secure national ID number.

  2. Regret says:
    September 18, 2016 at 11:03 am

    Another thought: the dates referenced in the announcement quoted above are open ended, “…accounts that were created prior to July 2006 for Washington customers, and July 2007 for Idaho and Oregon customers. ” Seems like they should include a start date too, otherwise, they are suggesting that decades of licensees are affected. I’ll go on the site tomorrow to see if my now-deceased father is on their list (Washington State resident); I don’t know when he last got a fishing license, but it will be interesting to see how far back their data goes.

    1. Dissent says:
      September 18, 2016 at 11:06 am

      Let us know what you find, please.

  3. Regret says:
    September 19, 2016 at 3:34 pm

    OK – I went to the site and input my deceased father’s name and my e-mail address. I was sent a message, which in the relevant part says,

    “ACTIVEOutdoors sincerely apologizes for any inconvenience or concern caused by this incident and we are committed to taking steps to protect your personal information. As an added precaution, we have arranged to have AllClear ID provide you with two years of identity repair at no cost to you. The following service starts on the date of this notice, and you can use it at any time during the next two years.

    AllClear Identity Repair. This service is automatically available to you with no enrollment required. If a problem arises, simply call 1-855-260-2772 (toll-free) and a dedicated investigator will help recover financial losses, restore your credit, and make sure your identity is returned to its proper condition.

    We want to reassure you that we are committed to working with the relevant state agencies and law enforcement to assist in their own investigations into this matter. At this time, ACTIVEOutdoors is not aware of any fraud associated with this incident. Nevertheless, we recommend that you remain vigilant by regularly reviewing account statements and monitoring free credit reports.

    Should you have any questions regarding this incident, please call 1-855-260-2772 (toll-free).”

    Notably, I didn’t provide them any information other than his name and my email address.

    Then, I did the same with my own name and email address. I received an identical e-mail message. I called the toll free number and they told me that I did not need to do anything else to receive the free service and that there was no enrollment process other than what I did. I have not had a fishing license for 20+ years, and at this point don’t know if they are checking my name against the breached data or if they can somehow sign up people for an ID protection service using only an email address and name. I will add another comment if I hear from them again.

    1. Dissent says:
      September 19, 2016 at 4:55 pm

      Thank you. It sounds like they’re basing the offer just on name – or worse, just on the fact that someone contacts them. Weird.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
  • Developments surrounding data breach at Dutch police
  • Estonia launches international search for Moroccan citizen wanted over data theft
  • Now it’s Tiffany: Another LVMH luxury brand hit by hackers
  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.