The Unified Carrier Registration (UCR) Plan says that a website error exposed sensitive data for tens of thousands of truckers and motor carriers earlier this year.
According to a recent press release posted on the UCR website, during the 28 day period between March 1, 2019 and March 28, 2019, a “website vulnerability” left a UCR registrant’s Tax ID number on the status bar of the web browser of the receipt created upon completion of the registration process in the National Registration System.
The UCR says that the Tax ID website error impacts about 30,000 drivers and carriers.
Additionally, after the Federal Motor Carrier Safety Administration (FMCSA) joined in the investigation into the security lapse, the agencies concluded that the Social Security Numbers (SSNs) of about 23,000 registrants were also potentially exposed during the 28 day period.
The UCR says that after learning about the website vulnerability on March 28, the issue was immediately corrected and cybersecurity experts were brought in to investigate the incident.
From the UCR news release: “As of today, the UCR is confident that there is no further risk of Tax ID number exposure. The issue has been resolved since the afternoon of March 28, 2019, and no future occurrence of displaying the Tax ID numbers of registrants can occur.”
The UCR says that they intend to rectify the incident by reaching out to a pool of 23,000 registrants via mail to inform them of the possible SSN exposure and to offer them identity monitoring services.
If you have questions about the data incident, you can email privacy@legal.ucr.gov.