- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
Washington DOL Faces Lawsuit Over Alleged Data Flaw
Agency reviewing claims it knew of security vulnerability for years but failed to fix it
Mar. 21, 2026 at 7:35pm
Got story updates? Submit your updates here. ›
The Washington Department of Licensing (DOL) is facing a tort claim alleging the agency knowingly allowed a major security flaw in its data system, potentially exposing the personal information of thousands of state residents. The claim, filed by an attorney representing a resident, says DOL was aware of the issue as early as 2019 but failed to address the problem for years, allowing fraudulent activity to occur.
Why it matters
This case raises serious concerns about data privacy and security practices within a state government agency that holds sensitive personal information. The allegations, if true, suggest a troubling lack of accountability and transparency, especially given Washington's reputation for strong data privacy laws.
The details
According to the claim, DOL's License Express system had a vulnerability that allowed hackers easy access, leading to thousands of licenses being redirected to single addresses and paid for with prepaid 'burner' cards and fake email accounts. The agency allegedly knew about the issue in 2019 but failed to fix the technical problem, even as it continued for years.
- The first investigative file on the issue is dated 2019.
- The security flaw existed from Labor Day 2018 to the second week of February 2025.
- The flawed data system was shut down in early 2025.
The players
Joel Ard
An attorney with Ard Law Group, representing William Black in the tort claim against the Washington DOL.
William Black
The resident who filed the tort claim against the Washington DOL.
Nathan Olson
Digital Communications and Outreach Director at the Washington DOL.
Jim Walsh
Washington GOP Chairman.
What they’re saying
“We really are hoping to hear from the Department of Licensing in less than sixty days. If nothing else, to have them confirm that this back door indeed has been closed, which is our understanding, but they should know better than we do.”
— Joel Ard, Attorney
“That's the more egregious part of this. They tried to hide it. We brag and brag about how Washington has the best data privacy notice law in the nation, and it's the first state to make that apply to government entities. And then you've got the state itself just ignoring the law.”
— Joel Ard, Attorney
“The lawsuit alleges the breach was both wide and deeper than we thought and the department knew about it and tried to kind of do damage control. I wouldn't go so far as to save cover up, but it's sort of like that. The agency later saying they knew about it sooner really puts them in a bad light. If the allegations are all right, they acted negligently.”
— Jim Walsh, Washington GOP Chairman
What’s next
The judge will decide within 60 days whether to allow the tort claim to proceed against the Washington DOL.
The takeaway
This case highlights the importance of government agencies upholding the highest standards of data security and transparency, especially when handling sensitive personal information. The allegations, if true, suggest a troubling lack of accountability that could have far-reaching implications for Washington residents.
