The state Public Disclosure Commission’s network was breached earlier this month, though officials Tuesday said no information was compromised.
Michael Smith, chief technology officer for the state agency, said that the agency was notified by the state’s Consolidated Technology Services last week that a virus had hit the network on Aug. 17, but that the actual network incursion occurred Sept. 8.
Smith said the PDC was told by CTS that the incursion was initially believed to be domestic, but may have been done by a foreign government. Smith said no sensitive information was obtained or changed on the system, which contains financial records that are public records. The commission provides public access to information about financing of political campaigns and lobbying activities.
“We believe it was mostly for a reconnaissance mission to identify machines on our network,” Smith said.
However, David Postman, a spokesman for Gov. Jay Inslee, said there was no evidence of foreign involvement.
“Often it is a possibility that an attack can come from overseas, but in this case we are certain there is no good evidence that this was any foreign government,” Postman said in an emailed response. “There were foreign IP addresses, which is quite common in hacking attacks. This is considered a lower level attack.”
Smith said that CTS was notified of the breach by the FBI, which saw some of the agency’s user names and passwords on a reputed hacker’s website. Since the agency learned of the hack, Smith said that passwords have been changed, and CTS has been scanning its sites looking for potential points of vulnerability.
Postman said that the hack concerned a single computer application used, and that a total of four state agencies had used a similar application.
“As a precaution, we took them down and put up a firewall protection,” he said, but noted that no other agencies had been breached at this point.
Smith said the FBI is currently analyzing the breach. But Postman said that the FBI was not involved.
In an email, FBI spokeswoman Ayn Dietrich said she could neither confirm nor deny any investigation, but wrote “the public should be assured that the FBI takes seriously cyber intrusions that could compromise national security.”
This is the second known data breach in Washington state this year. In May, the state Administrative Office of the Courts announced that it was hacked sometime between last fall and February, when officials warned that up to 160,000 Social Security numbers and 1 million driver’s license numbers may have been accessed during a data breach of its public website.