The names of thousands of concealed carry permit holders in Florida may have been leaked as the result of a recent data breach, state officials said.
An online payment system utilized by the Florida Department of Agriculture and Consumer Services (FDACS) was compromised about two weeks ago, the office acknowledged Monday, in turn exposing the Social Security numbers of 469 customers as well as the names of 16,190 concealed weapon licensees.
No financial information was obtained in the breach, and any additional records possibly compromised were already publicly available and pose “no risk of identity theft,” the announcement said.
“The social security numbers that may have been obtained had been entered in an online field where either a social security number or Federal Employer Identification Number could be entered,” the statement said. “In 2009, the department began only to request a FEIN in this field and stopped the prior practice of requesting either a Social Security number or FEIN.
“Only concealed weapon licensees who renewed online may have had their names accessed,” the announcement continued. “The department’s Office of Inspector General determined that there is no risk of identity theft to these licensees.”
Florida is nonetheless offering a year of complimentary credit protection to individuals whose Social Security numbers were exposed, and Agriculture Commissioner Adam Putnam has ordered a “comprehensive review of the department’s cybersecurity measures,” according to the statement.
The payment system had been used by the state “for application, registration, renewal and permit fees,” department spokeswoman Jennifer Meale told Patch.
“We were able to identify it quickly and shut the system down,” Ms. Meale told the Tampa Bay Times of the recent data breach.
The thousands of licensees whose names were exposed constitute less than one percent of the total concealed carry permit holders in all of Florida, according to the FDACS.
“The department takes cybersecurity seriously and acted quickly to mitigate the effects of this breach. The privacy of the department’s customers is a top priority and will remain so,” the department’s statement read.
Copyright © 2017 The Washington Times, LLC.