'It's an obvious problem': Class action lawsuit alleges WA's DOL left door open for identity fraud
A class action lawsuit alleges the Washington State Department of Licensing left a security flaw open that allowed identity fraud affecting over 10,000 people.Summary
The Washington State Department of Licensing is facing a class action lawsuit after a security flaw allegedly enabled identity fraud affecting more than 10,000 people. The lawsuit, filed by attorney Joel Ard, alleges that the DOL's decision to launch a new online service called License Express while simultaneously changing the driver's license number system left a critical vulnerability. The old driver's license number was generated using an algorithm based on a person's birth date, meaning that anyone who knew a person's name and birth date could derive their license number. The DOL's new system allowed users to log in with their name, birth date, and driver's license number to update their information. Because the license number was insecure, an attacker could potentially use public voter registration records to obtain a person's name and birth date, then log in as that person and redirect their driver's license to a different address. This flaw exposed sensitive personal information and created a significant risk of identity theft, as the driver's license is a core document for proving one's identity.
(Source:Headtopics)