The Florida Department of Agriculture and Consumer Services, which oversees concealed-weapons licensing, announced on Tuesday overseas hackers had stolen the private information of over 16,000 gun owners.
"Names of 16,190 concealed weapon licensees, which is less than one percent of total number of concealed weapon licensees, may also have been obtained," the agency said in a statement.
The breach, first reported by the Tampa Bay Times, is being investigated by the department. Agriculture commissioner Adam Putnam has ordered a "comprehensive review" of cybersecurity measures in the wake of the hack. The Florida Department of Law Enforcement is also involved in the investigation of the matter.
The Department of Agriculture said that, in addition to the private information of over 16,000 gun owners being taken, 469 people also had their Social Security numbers stolen in the hack. To help protect those people, the agency is offering free credit monitoring for a year.
"The Florida Department of Agriculture and Consumer Services today notified 469 customers that their social security numbers may have been obtained as part of a data breach that appears to have originated from overseas and is offering free credit protection for one year to these individuals," the agency's statement said. "The social security numbers that may have been obtained had been entered in an online field where either a social security number or Federal Employer Identification Number could be entered. In 2009, the department began only to request a FEIN in this field and stopped the prior practice of requesting either a social security number or FEIN."
The agency said no financial information was obtained during the breach and the hackers were only able to gather the names of the 16,000 concealed-weapons licensees.
"No other individually identifying information of the concealed weapon licensees was compromised," the agency's statement said. "Only concealed weapon licensees who renewed online may have had their names accessed. The department's Office of Inspector General determined that there is no risk of identity theft to these licensees.
"Other information possibly accessed per the data breach is all public information and poses no risk of identity theft. The breach occurred through the online payment system; although, the hackers were unsuccessful in obtaining any financial information."
"The department takes cybersecurity seriously and acted quickly to mitigate the effects of this breach," it said. "The privacy of the department's customers is a top priority and will remain so."
The agency urged those who may have been affected by the breach to call 1-800-350-1119.