A new tort claim in Chelan County is accusing Washington’s Department of Licensing of leaving a digital side door unlocked in its License eXpress system for years, letting identity thieves quietly reroute driver license mail and scoop up replacement IDs by the dozen. The filing says the trouble started after 2018 upgrades and that, despite ongoing fraud, the agency never fully shut the problem down, leaving thousands of residents exposed to identity theft.
According to KING 5, the tort claim, filed by William Black in Chelan County, says an access flaw appeared in 2018 around the time of upgrades to the public-facing License eXpress portal and only worsened as time went on. The claim alleges fraudsters were able to change addresses on driver records, then order dozens or even hundreds of replacement licenses that all shipped to the same mailing address.
The filing also says Department of Licensing employees tried to keep up by tracking victims in an internal spreadsheet that reportedly listed names, license numbers, dates of birth, contact information, payment methods and shipping addresses. It further claims the agency took License eXpress offline from Feb. 10 to Feb. 18, 2025, and that some of the suspect purchases were made with prepaid cards, making the transactions tough to trace.
On paper, the agency presents a very different picture. The Department of Licensing’s privacy center says the agency builds protections into its online systems and maintains a dedicated fraud team that looks for identity theft and misuse, according to the Washington State Department of Licensing. Public guidance from the agency also stresses that bulk-data customers must meet strict security standards, follow notification rules and submit to audits. The dispute at the heart of the tort claim is whether those protections were actually followed and whether people whose data may have been compromised ever received the required warnings.
Legal and consumer fallout
The filing accuses the Department of Licensing of ignoring Washington’s data-breach notification requirements and failing to alert people whose information might have been exposed. If those allegations are backed up, they could fuel additional state tort claims and draw the attention of regulators.
As reported by KING 5, the claim says that by 2020 or early 2021 more than 1,000 successful thefts tied to the issue had already taken place. Washington’s Attorney General publishes a Data Breach Notifications Directory along with resources for affected residents, and state law spells out when agencies and businesses must notify people after personal information is compromised. Those materials outline possible next steps and point to potential remedies.
What to do if you’re worried
Drivers who are feeling uneasy about their records can start with a basic self-check. Look over your License eXpress account for any unfamiliar address changes, keep an eye on your mailbox for licenses or ID cards you did not request and watch credit reports and bank or card statements for odd activity.
The Department of Licensing advises customers to create a secure License eXpress account or call driver licensing customer service at 360-902-3900 for help. For more details, see the contact information posted by the Washington State Department of Licensing. The Attorney General’s Data Breach Resources page also walks through steps such as placing fraud alerts, freezing credit and finding low-cost or free identity-protection services.
For the state, the tort claim is the latest signal that how licensing data is handled is under growing scrutiny. It raises uncomfortable questions about how License eXpress and other Department of Licensing systems are secured, monitored and audited. We will update this article if there are new filings, official responses or further developments.
