The Tacoma-Pierce County Health Department (TPCHD) revealed that unauthorized access to the Washington State Food Worker Card online training system database has potentially exposed personal data for over 1.5 million individuals who worked in food service in the state before 2019. The breach, detected by the federal government in late 2022, involved an “unauthorized person” accessing the database and posting the data to an online forum. The compromised data included names, dates of birth, email addresses, ZIP codes, and, for 9,500 individuals, driver’s license numbers.
Due to the scale of the breach, impacting approximately 20% of the state’s population, TPCHD chose to notify all 1.5 million individuals and the State Attorney General’s Office, prioritizing transparency in their response. The breach occurred in November 2018, and state law at the time required only the notification of the 9,500 individuals whose driver’s license numbers were leaked.
However, updated data disclosure requirements prompted TPCHD to adopt a comprehensive approach and inform all affected individuals about the potential data exposure. Following the breach, Washington implemented a new numbering system for driver’s licenses, enhancing security measures.
TPCHD assured the public that their new support vendor has transitioned the system from a legacy Adobe Flash-based website to a modern cloud-hosted HTML5 application with a cloud-hosted database, improving data security.
Despite the breach, the health department stated that the risk of identity theft is not considered high, but still advised affected individuals to protect their information and review their credit reports.
The breach serves as a reminder of the importance of robust data protection measures in all sectors, especially when dealing with sensitive personal information.
