Investigation Into Breach of Personal Data at Utah Department of Motor Vehicles
A bizarre tale of revenge after a road rage incident has inadvertently exposed a data breach of personal information at the Department of Motor Vehicles in Utah.
FOX13 News reports:
Investigators are accusing a former employee at the DMV of taking people’s information and passing it to others, who would then go out and commit crimes. But state officials acknowledge they may have no way of knowing how widespread the problem is.
The investigation began last year with Salt Lake City firefighters, who were looking into a suspicious car fire in a Rose Park neighborhood. Lexie Atencio said she accidentally cut off a woman driving a pickup down her street, which quickly escalated into a road rage incident.
“I almost hit this woman and caused an accident,” Atencio said in an interview Wednesday with FOX 13. “She took it to a whole other level and decided to have someone come and torch my car.”
Atencio said she awoke in the middle of the night to find her car had been burned outside her home. A neighbor provided a description of a car seen nearby, matching the one involved in the road rage incident earlier, she said.
Upon learning that a woman involved in the fire worked at the DMV, fire department investigators questioned her and were surprised to learn that the woman was involved in more than they’d realized.
“This individual shared with us some information that, in all honesty, we weren’t even expecting to get,” [Salt Lake City Fire Marshal] Ellis told FOX 13.
A search warrant recently unsealed and obtained by FOX 13 News states that after being given her Miranda rights, the woman “admitted to using her computer access, as an employee of the Utah State Division of Motor Vehicles to illegally acquire personal information about private citizens.”
“She admitted to then disseminating that information to specific individuals for the sole purpose and with the understanding the information would be used to commit crimes against the unsuspecting private citizen,” a fire investigator wrote in an affidavit filed with the warrant.
“I believe she stated she’s been doing it for 14 years,” Ellis said.
The data that was improperly accessed allegedly includes names, addresses and the make, model and vehicle identification number. The DMV employee involved is no longer employed there; to be clear, she has not been arrested or charged with any wrongdoing at this time. Authorities are currently investigating and have requested an internal audit of the DMV system to aid in that investigation.
Putting aside all the typical cynical DMV stereotypes for a moment, what struck me about this story is the lack of technical oversight in such an agency, and how it might apply to broader situations.
To start, the DMV employee told investigators she’d been doing this for 14 years. How could that go on for so long unnoticed?
The DMV in Utah is overseen by the Utah State Tax Commission. That agency said “it is hard to know how widespread the data breach is.” A spokesman for the DMV told reporters that the current software makes it “difficult to verify who’s looked at what and when.” It stated that it does however train its employees thoroughly about the importance of confidentiality and warns against the release of any personal information, adding that employees sign agreements to that effect.
But how much of a deterrent is this if employee actions like these cannot even be tracked at such a level in the system? In this particular instance, the revelation of the DMV employee’s alleged abuse of access to personal data was an all but accidental discovery.
I don’t know for certain that the Utah DMV is a state government agency, I assume it is. Even if it is privatized, it is an agency overseen by the state government to collect government mandated personal data. So I am viewing this regardless as a government responsibility to protect the information of private citizens as best it possibly can. This case does not instill much confidence in that for me.
With the recent scandals occurring in other government agencies on a much broader scale, it’s hard not to look at this case and wonder how well (or how poorly) agency employees’ access to and use of private citizens’ personal data is monitored and tracked for potential abuse.
Donations tax deductible
to the full extent allowed by law.
Dangerous. She’s a Democrat, I’d hazard a guess.
Fourteen years she’s been doing this, and probably could have continued doing it until she retired or dropped dead, had she not ratted herself out to the fire investigators.
But don’t worry, folks. Your personal medical information will be perfectly safe in the hands of the apolitical, non-partisan IRS!
Yeah, I want to give the government my ID, my financials, my medical records and my voting preference. And please take my private property, my chattel, my children and me while you are at it. And please, please, please, give all that I have to someone who enters our country illegally – a narco-terrorist, say.
Here is the REAL danger from the Obamabanana Republic, and one that will be very hard to root out…
“It is appropriate that the worst scandal of the Obama administration – the IRS targeting of conservatives – is a scandal of administrators and bureaucrats, of otherwise faceless people endowed with immense power over their fellow citizens and running free of serious oversight from elected officials.
“They are the shock troops of the vast bureaucratic apparatus of the federal government. Its growth has been one of President Obama’s chief goals, and the one he has had the most success in achieving. He has greatly enhanced the reach and power of regulatory agencies that are an inherent offense against self-government, even when they aren’t enforcing the law in a biased way.
“The administration’s corruption isn’t bags of cash or lies about interns; it is the distortion of our form of government by sidestepping democratic procedures and accountability and vesting authority in bureaucrats. The administrative state is, fundamentally, the Lois Lerner state.”
Had the people at IRS been LESS ham-fisted in their bias, would anything that has happened escape the efforts of teh Mushroom Media to deny it?
This is also the crazy Utah DMV lady state. Who knows what evil and mayhem she might have unleashed on people? And she is just a VERY minor flunky in a relatively powerless agency.
Get used to it. The country chose unlimited government intrusion into every aspect of how you live your life – including life and death decisions made by the unelected members of the IPAB whose decisions can not be judicially challenged – when it reaffirmed Obamacare in November.
It’s gonna be awesome.
This makes Ameri-Hulk mad, very mad.
This is why we need strong privacy laws. Texas is barely doing anythingl all others are so lackluster. This is why I fight, and fight we must.
I am a PCP for a reason, so I can actually make change instead of scream for change. Michaelhh @ gmaildotcom
“. . . it’s hard not to look at this case and wonder how well (or how poorly) agency employees’ access to and use of private citizens’ personal data is monitored and tracked for potential abuse.”
Well, the obvious solution is to make government even bigger. And because of the masterful way that public schooling has inculcated “students” into believing that government is the fount of everything good and wholesome, that task might not be so hard. After all, Obama was elected twice to be Santa Claus as the culmination of the New Deal, the New Frontier, the Great Society and the 000s of “programs” spawned therefrom. Program is liberal-speak for “jobs for Democrats” and “learned dependency for program ‘clients'”
This might redound not to Obama or the concept of government institutions as political weapons, but to the idea that stereotypes are often factual – this is the DMV. Don’t know about Utah, but in most states the position of DMV director is almost always a political appointee, buddy of a new governor, and typically without any experience to make the choice wise. It’s a great job with which to reward a campaign bundler. Fish rot from the head down, all the new DMV’s subordinates will be buddies he’s rewarding, the top third of any patronage-run gov agency ends up inept and/or corrupt, they cannot supervise what they don’t know, and there you go. Mayhem in the trenches among rank and file who know they are supervised by idiots.
I can’t find an online reference to it to link, but back in the late 1980s? early 1990s? in NC, Raleigh police stumbled onto a prostitution and drug ring – being run by a clutch of employees from inside the NC DMV Headquarters!
Insert joke here: ___________________________ .
Well, is IS the DMV. Organizations, over time, develop reputations that are pretty accurate. I recall reading of the CA DMV that had a system to record who accessed what when, and they found that all kinds of employees were looking up info on movie-stars, “news of the week” type people, etc.
And the employees were doing it, even when they knew that they were being monitored.
It’s interesting that this woman wasn’t fired – sounds like it should be made a criminal act, and also that the procedures be changed to some sort of expedited review by an internal board, to quickly fire the person (vs. waiting for courts).
Yes, and some paid for it with their jobs and a little jail time, too. CA’s oversight system works pretty well, but nothing is perfect. However, to not have an oversight control system in place is just wrong, on multiple levels. CA’s has been around for almost 30 years.
Long, long ago I worked at a company that tracked vehicle registrations for the auto manufacturers — for recalls, customer research, etc. Every person I worked with took the security and confidentiality of that data seriously.
Apparently more seriously than the states the company bought the data from.
When “automation” came to CA DMV generations ago, it could not be put into place until internal security issues such as this had been resolved. To us at the time it was a no-brainer.
“…she has not been arrested or charged with any wrongdoing at this time.”
Never any consequences. Not the woman who accessed and released the information, not management at the DMV, not anywhere. If the authorities couldn’t find something to charge her with within ten minutes, they should be fired too.
No longer employed by DMV – soon to be hired by IRS.
“The DMV employee involved is no longer employed there…” The IRS snatched her right up, no doubt.
If this went on for 14 years without being noticed, I would suspect that this might be a more widespread activity than just one person. It might have been something many of the employees did for some extra money.
And in that 14 years how many employees with knowledge of the practice were promoted into management and supervision, and then chose to ignore this elephant in the room? Not too confident right now that Utah DMV’s corporate culture is acceptable. Just saying, somebody shoulda done something significant about this at least 13 years ago.