Earlier this week, the Kentucky Department of Fish and Wildlife Resources (Fish and Wildlife) learned that customer information was illegally accessed by an unauthorized third party. The department acted immediately to fix the vulnerability and notified the Commonwealth Office of Technology (COT) of the incident. The agencies are coordinating to prevent any further unauthorized access.
Though the investigation is ongoing, thus far it appears that the data accessed was name, address, birthdate, last 4 digits of SSN, and phone and email address if listed. No credit card numbers, full social security numbers, usernames or passwords were available to the unauthorized third party user. Licensing information does not appear to have been impacted.
COT is conducting numerous scans and tests on the Fish and Wildlife web-based systems to confirm the integrity and security of those systems as well as to confirm that only the data identified above was compromised.
Several other states experienced similar data breaches. Fish and Wildlife and COT are working with those states as well as appropriate law enforcement authorities to investigate the incident.
The Department for Fish and Wildlife Resources and the Commonwealth Office of Technology want to remind everyone to be diligent in monitoring their credit reports and financial records for any suspicious activity.
The Kentucky Department of Fish and Wildlife Resources considers the security of customer information a top priority and will continue to work diligently to protect its customers from these types of malicious attacks. If a consumer has a question about their account with the department, they can call the help desk at 800-858-1549.
Information and resources on consumer protection can be found on the Kentucky Attorney General’s website at ag.ky.gov.