On-Line Poachers Hack Idaho F&G

It may not be Wikileaks or Hillary’s missing 15,000 missing messages, but a computer breach that is more serious than politics was revealed Wednesday evening in Idaho. Other states are checking for breaches as well.

Here is the report from Idaho’s Fish and Game Department.

Wednesday, August 24, 2016 – 9:10 PM MDT
The Idaho Department of Fish and Game on Wednesday announced it has temporarily suspended the sale of licenses and tags online after being notified that its online license vendor’s computer system was breached. The State of Idaho online licensing system will be down indefinitely until state officials can ensure the public’s information will be secure.

In the meantime, the public can still buy licenses and tags at any Fish and Game office or business that sells licenses and tags through a separate system that was not part of the breach. Fish and Game officials regret the inconvenience to hunters and anglers, but are taking these steps out of abundance of caution.

Whether any of Idaho Fish and Game’s license buyers’ information was obtained has not yet been determined. Fish and Game is working with the online vendor to investigate the matter and determine whether and to what extent Idaho data was accessed.

Other Western states are investigating similar reported breaches and have also taken precautions.

Idaho officials are confident people can safely buy licenses and tags in person at Fish and Game offices and businesses that sell licenses and tags.

Comments & Discussion

Comments are closed for this post.

  1. I have never understood why businesses (like the state’s vendor) store debit and credit card information. Once they have the money (and that’s immediate with a debit card) why not just delete the info? If it’s for convenience–so I won’t have to type it in again on a re-order–I would gladly give that up for more security.

  2. @eric

    holding the credit card info is required for processing a refund. This is to both avoid merchant services fees for refunded transactions and prevent various types of fraud. For a very very small uptick in merchant services fees, vendors can increase the security of storing credit card numbers through what is called tokenization which is stronger security than encryption. Vendors should also have the storage of credit card numbers be done by the major merchant services firm or processor, since those servers are often more secure and professionally managed for this type of sensitive info.

    What worries me, if it is still a Fish and Game practice, is the requiring of a social security number for a license. Years ago my father visited from another State, Fish and Game would not sell him an out-of-state 3-day fishing permit without all his personal info including his social security number. With this info any hacker could easily create identity theft. Why to go fishing you must present a social security number is absurd and stinks of lazy system design to use a SS# for a unique customer identifier in the database.

  3. I remember when SS#’s were used instead of a driver’s license number. It looks like the F&G is following a state statute, that may be indirectly related to F&G. 73-122 Requires a SS# for any kind of license.

  4. TechnoUtopia
    Aug 27, 2016, 9:47 am

    Someday we will realize how stupid it was to place all private information in places where thieves, foreign governments, and the United States National Security Agency could easily steal all of it.

Get the Guardian by email

Enter your email address: