In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:
The Washington State Liquor and Cannabis Board accidentally distributed sensitive data on applicants in response to a public records request.
LCB had redacted the documents for the records request, but a folder containing the personal information inadvertently was included.
The data was provided to requestor John Novak, a Washington activist who runs a website — 420 Leaks — critical of the agency. Novak said he had requested documents related to marijuana applications filed under a recently enacted law.
Not knowing about the personal information, Novak posted the files at issue on 420 Leaks in early May, where anybody could access them. Novak said he subsequently received a phone call from the agency explaining the situation, as well as asking him to delete the records from his website and any copies in his possession.
Novak said he deleted the records from his website, but did not agree to delete his personal copies.
“I checked the logs to see if anybody downloaded it, but the logs didn’t go back that far,” Novak said. “I know some of our research team downloaded them. A lot of press got the original link.”
LCB spokesman Brian Smith said: “When we realized that info had been released to Mr. Novak, he was contacted and asked to take that information down from the website and to destroy what he had and we would provide a redacted…