California DMV Exposes Drivers’ Data for 4 Years
November 7, 2019 Share

California DMV Exposes Drivers’ Data for 4 Years

The Social Security information of thousands of drivers has been exposed following a data breach at the California Department of Motor Vehicles that went unnoticed for four years.

Information relating to 3,200 people issued with driver’s licenses was inadvertently leaked to federal agencies, including the U.S. Department of Homeland Security.

A total of seven agencies were able to access the data, including district attorneys in San Diego and Santa Clara counties, the Small Business Administration, and the Internal Revenue Service.

According to the Los Angeles Times, some data exposed by the DMV was accessed as part of investigations into criminal activity or compliance with tax laws.

DMV spokesperson Anita Gore stated that no information had been accessed by or shared with private individuals as a result of the breach.

The DMV restricted access to the data shortly after discovering the breach on August 2, 2019.

“Protection of personal information is important to DMV, and we have taken additional steps to correct this error, protect this information and reaffirm our serious commitment to protect the privacy rights of all license holders,” Gore said.

“That’s why DMV immediately began correcting the access error following a legal compliance review, ensured that no additional confidential information was disclosed to these entities, and has implemented several additional layers of review.”

Customers of the DMV were informed of the breach by letter. In it, Albert C. Hwang, chief privacy officer at the DMV, wrote: “We sent this letter and the attached notice to you based on having, in the past, shared your Social Security information in error.”

California state law requires customers to be notified of any unauthorized acquisition of computerized data that compromises the confidentiality of personal information.

News of the breach come just months after a state audit in March found “significant deficiencies” in DMV operations, including technology and staffing problems and poor management practices.

The audit found that the department’s computer system was relying on programming language dating to the 1950s and that some parts of the department’s operating structure hadn’t been updated since 1990.

The DMV has also been criticized for soul-crushingly long waiting times, with some Californians reporting queues that lasted nearly six hours.

This post California DMV Exposes Drivers’ Data for 4 Years originally appeared on InfoSecurity Magazine.

Read More