UCR’s “Website Vulnerability” Exposes Data of 30,000 Trucking Businesses
San Diego, CA – As many as 30,000 truckers and carrier representatives had their tax identification or social security numbers exposed due to a “website vulnerability,” earlier this year.
In a new statement of admission, the Unified Carrier Registration (UCR) Plan Board of Directors say its online National Registration System could have exposed a UCR registrant’s Tax ID number or social security number for a period of 28 days in March 2019.
“An internal investigation determined that during the period of March 1, through March 28, a UCR registrant’s Tax ID number was displayed in the status bar of the web browser of the receipt created upon completion of the registration process in the National Registration System,” the Board said.
Following the investigation, the UCR Plan Board reported the breach to the Federal Motor Carrier Safety Administration (FMCSA) and asked for assistance.
The FMCSA determined that approximately 23,000 of these registrants may have provided a social security number to the database as the tax ID number.
UCR says it has elected to individually notify the approximately 23,000 registrants about the breach.
Further, UCR says it has recently mailed out notices and is offering identity monitoring services to those impacted in “an effort to prevent any further inconvenience.”
UCR’s investigation came after the Small Business in Transportation Coalition (SBTC) notified it of the breach in March.
SBTC president James Lamb says he is pleased the UCR Board acknowledged “they indeed mishandled and publicly released the social security numbers of 30,000 truckers and carrier representatives over a one-month period,” but is not satisfied with the remedy.
“We contend these sensitive personally identifiable data were unlawfully released by FMCSA to the UCR Plan Board, a self-described ‘Congressionally chartered non-profit association’ that manages the interstate UCR Agreement in violation of the Privacy Act,” Lamb told Transportation Nation Network (TNN).
Lamb says the SBTC is currently considering filing a class action suit against the UCR Board for “improperly obtaining and compromising the most sensitive of drivers’ data.”
In addition to possible litigation, Lamb and the SBTC is calling for the USDOT Inspector General to investigate the data breach and “hold those responsible accountable.”
If you think your data may have been breached, or if you have questions, you are asked to contact [email protected].
TNN will continue to follow any new developments.