- The Department reported that it received complaints from some users who had inadvertently seen personal information belonging to other applicants.
- The website auto-populated with someone else’s personal data which includes birth dates, contact information, bank account information and Social Security numbers.
The Alaska Department of Revenue has shut down its Permanent Fund Dividend website amid a potential security breach. It is believed that a bug on the website is allowing anyone to access the details of applicants.
What happened?
The Department reported that it received complaints from some users who had inadvertently seen personal information belonging to other applicants.
The users discovered that a bug in the application page was sharing the personal detail of other users. Whenever a user tried to fill the application form, the website auto-populated with someone else’s personal data which includes birth dates, contact information, bank account information, and Social Security numbers.
The department is yet to confirm whether the data leak occurred due to a software error on the website or any threat actor was involved in the hack.
Addressing the issue
The department promptly took down the website soon after the discovery of the issue. It is also working closely with Alaska’s Office of Information Technology to understand the actual reason behind this data leak.
"We have reports from a couple of different applicants that they would refresh a certain screen and someone else's personal information would be populated there. Fortunately, we shut it down so quickly that it's actually under 100 folks that applied online," said Bruce Tangeman, Commissioner of Department of Revenue, KTUU reported.
The website is expected to be back online as soon as the investigation is complete and the issue is resolved. Anne Weske, director of the PFD has said that the application was online for about 30 minutes before it was taken offline.
The number of individuals affected in the breach is unknown. However, it is believed that as many as 100 people had filed their applications before the website became offline.
The department plans to inform the affected applicants about the breach via email.
Publisher
/https://cystory-images.s3.amazonaws.com/shutterstock_314721575.jpg)
/https://cystory-images.s3.amazonaws.com/shutterstock_502880731.jpg)
