Personal Information Not Compromised In DMV Security Breach, Investigators Say
Posted May 25, 2005
RALEIGH, N.C. — The North Carolina State Bureau of Investigation is investigating a case where a former employee at the Department of Motor Vehicles allegedly tried to get Social Security numbers of nearly 4 million driver's license holders in North Carolina.
In February, the unidentified DMV contract worker, who no longer works for the DMV, downloaded the addresses of 3.8 million people, but was caught before he was able to get Social Security numbers, investigators said.
The DMV contended Wednesday that its security measures worked and the breach was stopped before personal information could be compromised.
The DMV computerizes personal information for each of North Carolina's 6.6 million licensed drivers. The state holds enough personal information, such as driver's license numbers, birth dates and Social Security numbers, for fraud to be committed.
"You should definitely be concerned," said computer security expert Chris Hurley. "This is your personal information."
Hurley said that the top database priority is typically blocking outside hackers. Monitoring workers with access creates far more challenges, he said.
"When you're talking internal, you're assuming that everybody's trusted that you've hired," Hurley said.
With close to 400,000 identity theft cases each year in North Carolina, information security faces more scrutiny than ever.
Bank of America and Wachovia recently announced a former employee improperly sold off account information for 100,000 customers.
Hurley said it boils down to investing time and technology to keep track.
"They didn't think through -- 'OK, we've got X amount of employees, X amount of data and this personal data. Who's got access? Who needs access?'" Hurley said.
Work is one of the top places where identity thieves find their information. In North Carolina, identity theft is fourth, behind credit card, utility and bank fraud.