According to information security specialists, the California Department of Motor Vehicles (DMV) suffered a data breach that exposed the Social Security numbers of thousands of city drivers; the incident would have given other government agencies undue access to this information.
This incident is particularly serious for
illegal migrants residing in the state, as the leaked records specify which
drivers do not have a social security number, which would reveal their
immigration status. The city government says there is no way for migration
agencies to have access to these records.
However, the California government noted that
some law enforcement agencies have accessed this information as part of
investigations into illegal activities.
As per information security specialists,
agencies that would have accessed this information include the IRS, the Small
Business Administration, and the offices of San Diego and Santa Clara district
attorneys; specialists have been unable to determine whether any migration
agencies gained access to this information.
On the other hand, the DMV claims that the
information was exposed due to an internal error, not as a result of a cyberattack
against its IT systems. In addition, the Department asserts that unauthorized
access was shut down immediately after it was detected, on the morning of last August
2.
It is estimated that the information of just
over 3,200 drivers was exposed during this incident; the Department stresses
that all affected users have already been notified. “The security of
personal information is vital for DMV; the necessary measures have already been
implemented to correct this failure; we deeply regret the inconveniences this
problem may have caused,” says a statement from the Department.
Ultimately, Anita Gore, a spokesperson for the
DMV, told before local media: “We want to emphasize the fact that no other
personal record was exposed during this incident; the DMV immediately began an
incident correction process to contain the scope of the leak”.
Although the DMV claims that it was not the
target of a cyberattack, specialists from the International Institute of Cyber
Security (IICS) consider it relevant that the organization conduct a thorough
review of its information security policies and practices, to ensure that these
kinds of errors won’t happen again.
