UPDATE: Data leak shuts down PFD application website
/cloudfront-us-east-1.images.arcpublishing.com/gray/U4PWJMHJHRKA5DR3HTY4GBUTLM.jpg)
The Alaska Department of Revenue will not reopen the Permanent Fund Dividend application website until the integrity of filer information can be guaranteed, according to a statement from the department Tuesday night.
The application page for the Permanent Fund Dividend has been shut down after multiple filers reported that the website displayed back to them the filing information for other people — vital Personally identifiable information including dates of birth, Social Security numbers, addresses and other contact information.
Cassie Hulse of Anchorage says that after visiting the PFD website around 12 p.m. Tuesday and entering her information into the application page — name, social security number, date of birth, gender, and contact information — she received an error message and was redirected back the application start page warning against fraud.
"And when you agree to that, it took me back to the same https://cms.clickability.com/cms?action=contentList&typeId=57&pageTitle=News+Story&option=listpage where you enter your information, only instead of it being blank or having mine, it had somebody else's," Hulse told Channel 2. "I know their social security number, their birth date, their phone number."
Hulse says she called the person whose information — including their date of birth, social security number, and contact information — the PFD website displayed back to her. After warning that person, Hulse took to social media to warn others, where she found others with similar stories.
According to the State of Alaska PFD Director Anne Weske, the application was pulled off the website this morning, "which immediately eliminated any further concern," Weske told Channel 2. "Because the application was down most of the morning, only being accessible for a few minutes here and there, the chance of this occurring was significantly reduced."
Weske says the error is being looked at, and that securing filer information is a priority for the office before returning the application to the PFD website.
As for Hulse and others, the knowledge that their private information may have been exposed has left them unsettled with a lingering fear of being exploited, and a new distrust for the PFD application process.
"I've never had a problem with the PFD application, especially since it went online, I've never had an issue," Hulse said. "Now this new portal or whatever it is they're trying to do, obviously there's a big glitch or issue that it's sharing somebody else's information."
Hulse says others should heed caution before applying because no dividend is worth having your identity stolen.
"Your stuff is not secure, and make sure you're watching your accounts, your credit history, whatever you need to do to make sure you're not a victim."
KTUU is awaiting responses from the PFD office to questions about how many users may have been affected, how the state may inform people whose PII may have been compromised, and the depth of user information that may have been exposed.