Officials: Public Disclosure Commission hacked

Washington agency provides public access to campaign data



OLYMPIA — The state Public Disclosure Commission’s network was breached earlier this month, though officials on Tuesday said no information was compromised.

Michael Smith, chief technology officer for the state agency, said that the agency was notified by the state’s Consolidated Technology Services last week that a virus had hit the network on Aug. 17, but that the actual network incursion occurred on Sept. 8.

Smith says that the PDC was told by CTS that the incursion was initially believed to be domestic, but may have been done by a foreign government. Smith said no sensitive information was obtained or changed on the system, which contains financial records that are public records. The commission provides public access to information about financing of political campaigns and lobbying activities.

“We believe it was mostly for a reconnaissance mission to identify machines on our network,” Smith said.

However, David Postman, a spokesman for Gov. Jay Inslee, said that there was no evidence of foreign involvement.

“Often, it is a possibility that an attack can come from overseas, but in this case we are certain there is no good evidence that this was any foreign government,” Postman said in an emailed response. “There were foreign IP addresses, which is quite common in hacking attacks. This is considered a lower level attack.”

Smith said that CTS was notified of the breach by the FBI, which saw some of the agency’s usernames and passwords on a reputed hacker’s website. Since the agency learned of the hacking, Smith said that passwords have been changed, and CTS has been scanning their sites looking for potential points of vulnerability.

The FBI is currently analyzing the breach, Smith said, but, Postman said that the FBI was not involved.

In an email, FBI spokeswoman Ayn Dietrich said she could neither confirm nor deny any investigation, but wrote “the public should be assured that the FBI takes seriously cyber intrusions that could compromise national security.”

This is the second known data breach in Washington state this year.