Potential data breach exposed in state’s travel exemption request system

[Destry Winant <destry () riskbasedsecurity com>]

https://www.hawaiinewsnow.com/2020/10/10/potential-data-breach-exposed-states-travel-exemption-request-system/

HONOLULU, Hawaii (HawaiiNewsNow) - The state is investigating a
potential breach of data within one of their systems tied to the
Attorney General’s office.

Nearly 150 individuals who applied for a travel exemption through the
state Attorney General’s website were notified Friday about the
potential breach.

It impacts applicants between Sept. 18 and Sept. 21.

In the email notice, officials say during that time, the system could
have been exploited to allow users to access the personal information
of other applicants. This information is believed to have exposed
names, phone numbers, and copies of state IDs.

It’s unclear however if any information was in fact compromised, but
the system has reportedly been fixed.

“The State reviewed how the application accesses data in the database
and will continue monitoring the application and look at ways to
further safeguard usersʻ information,” the notification sent out said.

Officials tell Hawaii News Now, the over two-week delay between the
system fix and notifying those who were potentially impacted was not
unreasonable and within legal requirements.

Those who were notified about the potential breach were urged to
contact the Attorney General’s office at hawaiiag () hawaii gov if they
have further questions or concerns.
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange