Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Security Concerns Prompt Closing of Dividend Applications

ANCHORAGE, Alaska (AP) — Alaska revenue officials shut down online applications for annual oil wealth checks after personal information of other users popped up on applicants’ computer screens.

ANCHORAGE, Alaska (AP) — Alaska revenue officials shut down online applications for annual oil wealth checks after personal information of other users popped up on applicants’ computer screens.

The private information from other applicants included names, addresses and Social Security numbers.

The Alaska Department of Revenue shut down the application process Tuesday, the day it opened for 2019 checks. Revenue Commissioner Bruce Tangeman said Wednesday he is apologizing for the problem every chance he gets.

“The permanent fund dividend is a big deal in Alaska,” he said. “It means a lot to people, and we are very sorry that we’re going through this right now and putting them through this right now.”

The Alaska Permanent Fund was created by a vote of residents in 1976 when a flood of money for state coffers from oil development was on the horizon. The goal was a fund that would be out of reach for day-to-day government spending that would generate income in future years, according to the fund website.

State leaders also wanted to share oil wealth with Alaskans. The first dividends, paid from a portion of fund earnings, were paid out in 1982 and have been distributed annually ever since.

The first checks were for $1,000. The smallest checks were $331.29 in 1984. They peaked in 2015 at $2,072. The 2018 dividend was $1,600.

Alaskans must reapply every year, and the process opens Jan. 1.

“A lot of people get on there as soon as it’s available,” Tangeman said. “They like to try to be the first ones in to apply.”

As some Alaskans tried to apply Tuesday, the information boxes on their screens filled with data from previous applicants. It has not been determined whether the system experienced a glitch or a hack, and Tangeman did not want to speculate.

“We want to establish what the problem is. Then we’re going to fix the problem. Then we’re going to do a very deep dive on the security side to make sure it is secure before we put it back up on the website,” he said.

An online counter indicated that fewer than 100 people had applied for dividends when the system was shut down, he said. He is hoping the system will be back on line in a few days.

“It’s all hands on deck, 24-7, getting to the root cause of the problem, fixing it and then making sure the security is in place,” Tangeman said.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

While there are many routes to application security, bundles that allow security teams to quickly and easily secure applications and affect security posture in...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...