Online sales of hunting and fishing licenses resumed Tuesday following a three-month shutdown due to a computer breach at the vendor that handles those sales, Idaho officials announced.
Idaho Fish and Game officials said additional security features include requiring online buyers to create an account with a password.
Dallas-based Active Network reported a computer breach in late August with the possibility that millions of records in Idaho, Oregon and Washington, including Social Security numbers, might have been compromised.
"We worked with them to patch the vulnerabilities," said Michael Pearson, chief of administration for the Idaho agency. "Fish and Game had to modify the website to put additional security measures in place."
Oregon resumed online sales in early September with added security, which includes removing driver license information, said Oregon Fish and Wildlife spokeswoman Michelle Dennehy in an email to The Associated Press. Washington state is also back online. About 10 to 20 percent of hunting and fishing sales occur online at the three states.
Pearson said it's difficult to tell if some hunters or anglers couldn't get Idaho licenses, but that it appeared most figured out early how to buy the products they wanted. Licenses continued to be sold in person at Idaho Fish and Game offices and certain businesses.
Shortly after the breach, Active Network mailed notices to license holders with instructions on how to check for identity theft.
The company, whose event and activity management software is used by tens of thousands of event organizers nationwide, including marathons and other races, has said the potential threat was isolated to fishing and hunting licensing systems in the three states. The company didn't respond to phone or email inquiries from The Associated Press on Tuesday.
Idaho Fish and Game spokesman Mike Keckler said it's still not clear if any personal information was actually stolen, and that the FBI continues to investigate.
Before the computer breach, Fish and Game had already started the process of seeking bids for a contract to run the online sales when the current contract with Active Network ends in February 2018, Keckler added.
He said the request for bids just ended, but declined to say how many bids the state received or who made them. He said the bids will be examined for beefed-up security measures following the computer breach.
"It's not behind us," Keckler said. "We are still learning from what happened. We're doing everything we can to make sure nothing happens now or with the next contract."