Washington State’s License Express System Allegedly Left Vulnerable for Years, Risking Identity Fraud and Voter Roll Integrity
A tort claim filed by Washington resident William Black, represented by attorney Joel Ard, alleges that the state’s License Express system contained a known security flaw a "back door" as early as 2018, yet remained unaddressed until early 2025. The lawsuit, based on the Washington Data Breach Notification Act, suggests the state attempted to conceal the severity of the issue rather than rectify it, potentially paving the way for a class-action lawsuit.
The Washington Department of Licensing (DOL) reportedly ignored red flags, including hundreds of driver’s licenses being redirected to single addresses and paid for with untraceable prepaid Visa cards. Despite these anomalies, the system remained exposed for years, raising concerns about identity theft and fraud.
While the DOL maintains it has found "no evidence" of a direct data breach, critics argue the agency’s negligence endangers all Washingtonians. A driver’s license serves as a primary identity verification tool, and a compromised system could facilitate widespread fraud. Washington GOP Chairman Jim Walsh warned that the implications extend beyond privacy, as the state’s automatic voter registration tied to driver’s licenses could undermine the integrity of voter rolls.
The DOL has 40 days to respond to the claim but has stated it takes fraud seriously and is reviewing the filing. The case highlights growing scrutiny over state-managed identity systems and their role in election security.
Source: https://seattlered.com/politics/washington-dol-license-express-data-breach/4117416
Washington State Department of Licensing cybersecurity rating report: https://www.rankiteo.com/company/washington-state-department-of-licensing
"id": "WAS1774363108",
"linkid": "washington-state-department-of-licensing",
"type": "Vulnerability",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'All Washington residents with '
'driver’s licenses (potential '
'identity theft risk)',
'industry': 'Public Sector / Government Services',
'location': 'Washington, USA',
'name': 'Washington State Department of Licensing '
'(DOL)',
'size': 'State-level agency',
'type': 'Government Agency'}],
'attack_vector': 'Exploited System Vulnerability (Back Door)',
'data_breach': {'personally_identifiable_information': 'Driver’s license '
'details, names, '
'addresses',
'sensitivity_of_data': 'High (used for identity verification '
'and voter registration)',
'type_of_data_compromised': 'Driver’s license information, '
'personally identifiable '
'information (PII)'},
'date_detected': '2018',
'date_publicly_disclosed': '2025',
'date_resolved': 'early 2025',
'description': 'A tort claim filed by Washington resident William Black '
'alleges that the state’s License Express system contained a '
"known security flaw ('back door') as early as 2018, yet "
'remained unaddressed until early 2025. The lawsuit suggests '
'the state attempted to conceal the severity of the issue, '
'potentially enabling identity theft and fraud. The Washington '
'Department of Licensing (DOL) reportedly ignored red flags, '
'including hundreds of driver’s licenses being redirected to '
'single addresses and paid for with untraceable prepaid Visa '
'cards. The system’s vulnerability raises concerns about '
'identity theft and the integrity of voter rolls due to '
'automatic voter registration tied to driver’s licenses.',
'impact': {'brand_reputation_impact': 'Damage to public trust in '
'state-managed identity systems and '
'election security',
'data_compromised': 'Driver’s license information, personally '
'identifiable information (PII)',
'identity_theft_risk': 'High (driver’s licenses used as primary '
'identity verification)',
'legal_liabilities': 'Potential class-action lawsuit under '
'Washington Data Breach Notification Act',
'operational_impact': 'Potential fraudulent issuance of driver’s '
'licenses, compromised voter registration '
'integrity',
'payment_information_risk': 'Prepaid Visa cards used for '
'fraudulent transactions',
'systems_affected': 'Washington State License Express system'},
'initial_access_broker': {'backdoors_established': 'Alleged back door present '
'since 2018',
'entry_point': 'Exploited back door in License '
'Express system',
'high_value_targets': 'Driver’s license data (used '
'for identity verification '
'and voter registration)'},
'investigation_status': 'Ongoing (DOL reviewing the claim)',
'lessons_learned': 'State-managed identity systems require proactive security '
'measures to prevent fraud and protect voter roll '
'integrity. Ignoring red flags can lead to prolonged '
'vulnerabilities and legal consequences.',
'motivation': 'Identity Fraud, Potential Voter Roll Manipulation',
'post_incident_analysis': {'corrective_actions': 'Addressing the security '
'flaw (as of early 2025), '
'reviewing the tort claim',
'root_causes': 'Negligence in addressing known '
'security flaws, lack of proactive '
'monitoring for fraudulent '
'activity'},
'recommendations': ['Immediate patching of known vulnerabilities in identity '
'systems',
'Enhanced monitoring for fraudulent activity (e.g., bulk '
'license redirections)',
'Transparency in disclosing security flaws to the public',
'Strengthening voter registration verification processes '
'tied to driver’s licenses',
'Regular security audits of state-managed systems'],
'references': [{'source': 'Tort claim filed by William Black (represented by '
'attorney Joel Ard)'}],
'regulatory_compliance': {'legal_actions': 'Tort claim filed, potential '
'class-action lawsuit',
'regulations_violated': 'Washington Data Breach '
'Notification Act (alleged '
'failure to disclose)'},
'response': {'communication_strategy': 'DOL states it takes fraud seriously '
'and is reviewing the filing',
'remediation_measures': 'Reviewing the tort claim, addressing '
'the security flaw (as of early 2025)'},
'stakeholder_advisories': 'Washington GOP Chairman Jim Walsh warned about '
'risks to voter roll integrity.',
'title': 'Washington State’s License Express System Allegedly Left Vulnerable '
'for Years, Risking Identity Fraud and Voter Roll Integrity',
'type': 'Data Exposure',
'vulnerability_exploited': 'Known security flaw (back door) in License '
'Express system'}