Officials: Up to 20% of state impacted by Tacoma-Pierce County data breach

Anyone who’s worked in food service in Washington state prior to 2019 may have had their personal data exposed due to unauthorized access to the Washington State Food Worker Card online training system database.

Last Friday, the Tacoma-Pierce County Health Department, or TPCHD, announced in a mailer that at some point in the past, an “unauthorized person” accessed a database containing the user account information for 1.5 million individuals and posted that data to an online forum.

The Department of Justice notified TPCHD on June 1 of this year that the breach occurred after it was discovered by the federal government sometime in late 2022.

Data posted consisted of a database copy from November 18, 2018, including name, date of birth, email address and ZIP code.

The size of this data breach accounts for approximately 20% of Washington’s population.

“The reason it’s such a large number is because we do the food worker cards for pretty much everybody in the state,” said Kenny Via, public information officer and content manager for TPCHD.

That means the data breach impacted the entire state.

On June 26, the health department also learned that 9,500 of those records contained drivers license numbers.

In 2018, when the breach occurred, the law was written such that only those 9,500 individuals would need to be notified.

State law has since been updated for more rigorous data disclosure requirements.

In the interest of transparency, the TPCHD decided to notify all 1.5 million individuals as well as the state Attorney General’s Office, not just those people whose driver's license numbers were leaked.

Since that time, Washington has implemented a new numbering system for its drivers licenses, and it’s likely most or all of those users have a new license.

The breach occurred under the tenure of a former software vendor TPCHD no longer uses.

“Our new support vendor transitioned our system from a legacy Adobe Flash-based website to a modern cloud hosted HTML5 application with cloud hosted database,” Via told The Center Square.

“We’re confident everything is secure now in this new system,” he added.

The news release announcing the breach said it did not pose "a high risk for identity theft. However, if you’re affected, we encourage you to protect your information and review your credit reports.”

More information can be found at the department's website.