A vulnerability involving a Washington State Department of Transportation system might have exposed personal information stored in an internal database of about 2,249 people

Data incident
A vulnerability involving a Washington State Department of Transportation system might have exposed personal information stored in an internal database of about 2,249 people, and the agency is reaching out to help notify them of the incident.

A vulnerability involving a Washington State Department of Transportation system might have exposed personal information stored in an internal database of about 2,249 people, and the agency is reaching out to help notify them of the incident.

It is not known if anyone actually obtained the information for illegal use, and the vulnerability within the system has been resolved. The database system is not connected to any other databases outside of WSDOT. However, because some personal information was included in the database, WSDOT, in an abundance of caution, has set up a call center to locate and verify those who may have been affected and provide information and details about free credit monitoring for eligible affected individuals.

Details about the issue are included below:

What happened?
On Dec. 29, 2021, WSDOT learned that an older data system maintained by the agency was able to be manipulated in a way to extract information from the database. WSDOT immediately addressed the security issue by applying a security fix on this system within hours of learning of the vulnerability to prevent similar access and then verifying whose information had been vulnerable.

Was personal information disclosed?
The database included first and last names and the last four digits of Social Security numbers. To be clear, the information did not include individuals’ full social security numbers, and no other personal information was involved. We do not know if anyone obtained the personal information for illegal purposes, but it was possible given the database vulnerability.

Who is affected?
The database tracked compliance with the federal On-The-Job Training requirements construction trainee requirement and included information of 2,249 trainees from 1986 to 2021. These were not WSDOT employees but rather worked for construction contractors working on WSDOT projects.

If you think you were affected by this incident, please call 1-844-917-4454 for verification and more details. You can also email further questions or requests for credit monitoring for eligible individuals to: [email protected].

What action was taken?
WSDOT immediately addressed the security issue by applying a security fix on this system within hours of learning of the vulnerability to prevent similar access and then verifying whose information had been vulnerable.

What is the next step?
We take privacy and personal information very seriously. We conducted a thorough review of our system to ensure confidential information is appropriately protected and are reviewing policies and training going forward.

General personal information safety information
Here are some recommended resources to for anyone wanting more information on how to protect their credit and personal information:

WA State Office of the Attorney General website: www.atg.wa.gov
Federal Trade Commission: www.ftc.gov