OLYMPIA, Wash. (AP) — The state Public Disclosure Commission's network was breached earlier this month, though officials on Tuesday said no information was compromised.
Michael Smith, chief technology officer for the state agency, said that the agency was notified by the state's Consolidated Technology Services last week that a virus had hit the network on Aug. 17, but that the actual network incursion occurred on Sept. 8.
Smith says that the PDC was told by CTS that the incursion was initially believed to be domestic, but was likely done by a foreign government. Smith said no sensitive information was obtained or changed on the system, which contains financial records that are public records. The commission provides public access to information about financing of political campaigns and lobbying activities.
"We believe it was mostly for a reconnaissance mission to identify machines on our network," Smith said.
However, David Postman, a spokesman for Gov. Jay Inslee, said that there was no evidence of foreign involvement.
"Often it is a possibility that an attack can come from overseas, but in this case we are certain there is no good evidence that this was any foreign government," Postman said in an emailed response. "There were foreign IP addresses, which is quite common in hacking attacks. This is considered a lower level attack."
Smith said that CTS was notified of the breach by the FBI, which saw some of the agency's usernames and passwords on a reputed hacker's website. Since the agency learned of the hack, Smith said that passwords have been changed, and CTS has been scanning their sites looking for potential points of vulnerability.
The FBI is currently analyzing the case, Smith said.
This is the second known data breach in the state this year. In May, the Washington state Administrative Office of the Courts announced that it was hacked sometime between last fall and February, when officials warned that up to 160,000 Social Security numbers and 1 million driver's license numbers may have been accessed during a data breach of its public website.