California DMV data breach exposes thousands of drivers’ Social Security information
The California Department of Motor Vehicles on Tuesday said it suffered a data breach in which government agencies had improper access to the Social Security information of 3,200 people issued driver’s licenses.
Yesterday, the California Department of Motor Vehicles confirmed that it suffered a “data breach” discovered on August 2, in which federal agencies, including immigration authorities, had improper access to the Social Security information of 3,200 people issued driver’s licenses. Notices went out to those whose Social Security information — including whether or not a license holder had a Social Security number — was accessed during the last four years by seven agencies, including the U.S. Department of Homeland Security, the Internal Revenue Service, the Small Business Administration and district attorneys in San Diego and Santa Clara counties.
According to Tim Erlin, VP, product management and strategy at Tripwire, “Breaches aren’t always the result of malicious attacks. In fact, they’re often a consequence of misconfigurations. In these cases, there’s no stereotypical ‘bad guy’ to arrest, but often a group of well-meaning, but overworked and under-skilled staff that either couldn’t keep up or just didn’t know any better. Finding and addressing misconfigurations can be automated, but you have to start with an understanding of how the systems should be configured in order to measure how they differ from that desired state. Breaches with government agencies are especially tragic because taxpayers and consumers are one and the same, and we’re the ones footing the bill either way.”