According to a statement issued by the Florida Department of Agriculture and Consumer Services, there’s been a major data breach. The breach has compromised the records of close to 17k individuals with Florida issued concealed carry licenses, some records including social security numbers and other personal data.
For those who obtained a license after 2009 this isn’t good news, but it isn’t as bad as it could be.
Prior to 2009 Florida required applicants to enter their social security number in an online form. Thankfully someone figured out that this wasn’t a great idea and put a stop to it.
According to the official statement, only 469 licensees had their social security number stored in the compromised system. Florida is footing the bill to provide identity theft monitoring services for those individuals.
The remainder of the impacted licensees (which, according to the statement, is less than one percent of all licensees) simply had their name identified and no other identifiable information.
Or so they claim. Here’s the thing . . .
As an IT security professional, I see cases all the time where information was compromised. Usually ,the people in charge have no idea the scope of the issue. On average it takes 146 days for people to even know that they have been compromised, let alone stop the attack and fix whatever was broken.
So when a government agency says they had a data breach and “only a limited number of people were impacted” my natural assumption is that they have no idea how bad the situation really is. They’re just trying to do the bare minimum level of reporting.
For those readers who have a Florida CHL, keep an eye on your credit report. Even if you aren’t one of the 469 lucky “known” compromised individuals.