The Washington State Department of Licensing has reported a database breach that has potentially exposed the personal information of millions of licensed professionals, ranging from real estate agents to auctioneers, after it detected suspicious activity on its online licensing system. In response to this news, cyber security experts have offered their perspectives.
While there are few details in the report, it appears that very sensitive personal data has been stolen, including Social Security numbers. Detecting the theft of a massive data set is rare. Often organizations are blind to data being stolen over periods of time until it becomes apparent that a large set of data has been stolen. Attackers effectively hide and trickle out data in many cases because most traditional SIEM or XDR solutions have great difficulty in understanding that this trickle is part of a large attack campaign. Organizations need to research solutions that are not just more effective at thwarting attacker efforts early in the kill chain, before data is exfiltrated, but can also correlate small bursts of activity spread across time as a long-standing data theft operation by a clever threat actor.
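
The point above about a trickle slipping past per-event rules, as an added Python example that is not part of the original article: it compares a per-transfer size alert with a per-account, per-destination total over a sliding window. The thresholds, account names, addresses and records are constructed assumptions, not values from the reported incident.

```python
from collections import defaultdict

PER_EVENT_LIMIT = 50_000_000     # assumed per-transfer alert threshold (bytes)
WINDOW_DAYS = 30                 # assumed correlation window
CUMULATIVE_LIMIT = 200_000_000   # assumed total allowed inside the window (bytes)
MIN_ACTIVE_DAYS = 10             # assumed persistence requirement (distinct days)

def build_sample_events():
    """Constructed records: (day, account, destination, bytes_out)."""
    events = [(d, "svc-report", "203.0.113.50", 8_000_000) for d in range(1, 31)]
    events.append((12, "alice", "198.51.100.7", 40_000_000))  # one-off upload
    events.append((20, "bob", "198.51.100.9", 60_000_000))    # single large transfer
    return events

def per_event_alerts(events):
    """Classic rule: alert on any single transfer at or above the limit."""
    return sorted({(acct, dst) for _, acct, dst, size in events
                   if size >= PER_EVENT_LIMIT})

def trickle_alerts(events):
    """Correlate small transfers: sum bytes per (account, destination)
    over a sliding window and require activity on many distinct days."""
    by_pair = defaultdict(lambda: defaultdict(int))
    for day, acct, dst, size in events:
        by_pair[(acct, dst)][day] += size
    flagged = []
    for (acct, dst), daily in by_pair.items():
        days = sorted(daily)
        start, total = 0, 0
        for end, day in enumerate(days):
            total += daily[day]
            # Drop days that have fallen out of the window.
            while day - days[start] >= WINDOW_DAYS:
                total -= daily[days[start]]
                start += 1
            active_days = end - start + 1
            if total >= CUMULATIVE_LIMIT and active_days >= MIN_ACTIVE_DAYS:
                flagged.append((acct, dst, total, active_days))
                break  # one alert per pair is enough
    return sorted(flagged)

if __name__ == "__main__":
    sample = build_sample_events()
    print("per-event rule:", per_event_alerts(sample))
    print("windowed correlation:", trickle_alerts(sample))
```

In the constructed data the per-event rule only sees the single 60 MB transfer, while the windowed total flags the account that sent 8 MB a day to the same destination.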