Dear Licensees: I am writing with an important message regarding the complications with this week’s transition to the new traceability system, Leaf Data Systems. Intrusion of Traceability As we’ve communicated already, that issue was corrected on Monday Feb. 5, 2018, and communicated to licensees. We recognize that there are other known issues within the system. There are workarounds for most. They will be fixed in subsequent releases. The state’s vendor, MJ Freeway, became aware of the transfer abnormality on Saturday. The company immediately began a review and identified it as a potential security incident on Monday. MJ Freeway immediately notified the WSLCB. The WSLCB then contacted the Washington State Office of CyberSecurity, (OCS), which examined the data taken to determine if it contained personally identifiable information, PII. No Personally Identifiable Information Released The following information was accessed during the incident:
With the exception of the manifest data all the information obtained via the intrusion is publicly available. The WSLCB already responds to requests for publicly available records per the state’s public records law. Because there is no personally identifiable information, there is nothing that licensees need to do at this time. As a precaution, with the above in mind, please review your transport plans and take any appropriate steps you feel necessary for your business. Current Status Next Steps The bottom line is that this incident is unfortunate. There will continue to be malicious cyberattacks on the system. This is true of any public or private system and is especially true of the traceability system. Know, however, that we will continue to take necessary steps to protect all traceability information. This includes an ongoing review of the information we require in traceability and the implementing the best practices in security. As always, continue checking your email for notifications and the WSLCB website for the latest information. Sincerely, Peter Antolin |