What Happened
In May 2026, a threat actor using the handle “wikkid” claimed to have exfiltrated and put up for sale a database from the Virginia Department of Wildlife Resources (dwr.virginia.gov), allegedly exposing about 286,620 records tied to individuals interacting with DWR for hunting, fishing, and boating licenses. The leaked data reportedly includes extensive personally identifiable information (PII) such as full names, Social Security numbers, dates of birth, gender, ethnicity, full addresses, phone numbers, email addresses, and detailed license history, raising both identity-theft and profiling risks. As of mid‑May 2026, public reporting indicated that this dataset was actively circulating on underground forums, but the Commonwealth of Virginia/DWR had not yet issued a detailed official confirmation of the intrusion method or full impact, leaving some technical aspects of the breach unverified.
