California’s Department of Motor Vehicles (DMV) said on Nov. 5 it had suffered a data breach that improperly disclosed private information to seven federal agencies on more than 3,000 licensed drivers.
During the last four years, the federal agencies, including the U.S. Department of Homeland Security, had improper access to the Social Security information of around 3,200 people involved in some type of investigation as suspects or witnesses, officials said Tuesday.
Other agencies who had access to the private information included the Small Business Administration, the Internal Revenue Service, and district attorneys in two of California’s 58 counties, San Diego and Santa Clara counties, the Los Angeles Times reported.
The DMV on Nov. 5 began sending letters to the affected individuals after determining that they are not currently being investigated. It gave what were supposed to be internal notes, such as whether drivers’ Social Security numbers had been checked to see if they were valid or falsified, or if the individual was ineligible for a Social Security number.
The private information sent to the U.S. Department of Homeland Security included records for six immigrants who were in the country illegally but applied for or received special immigrant licenses.
It was unclear if the information was used to investigate the immigration status of the drivers, officials said.
The information could have been used in criminal, tax, or child support investigations, including for witnesses in those inquiries, officials said.
The department halted the disclosure of private information on Aug. 2, immediately after the issue was discovered, DMV spokeswoman Anita Gore told the Los Angeles Times.
“Protection of personal information is important to DMV, and we have taken additional steps to correct this error, protect this information, and reaffirm our serious commitment to protect the privacy rights of all license holders,” Gore said.
“That’s why DMV immediately began correcting the access error following a legal compliance review, ensured that no additional confidential information was disclosed to these entities, and has implemented several additional layers of review.”
Gore said it took the DMV three months to send the letters because it had to ask each of the seven agencies why they wanted the information, review four available years of records, make sure the 3,200 drivers were not being investigated to avoid tipping them off, and then draft individual letters to each driver.
The breach of data is likely to raise concerns as in 2013, California lawmakers made the decision to allow immigrants in the country illegally to be issued driver’s licenses—AB 60 licenses—as long as they could provide documents to prove their identity and residency in California. Officials said information linked to the individuals who obtained those licenses would not be disclosed to federal immigration officials.
The information of 63 license holders who had obtained AB 60 licenses without proof of legal presence in the United States were shared with agencies, the DMV told the Los Angeles Times. A further 20 were in the process of obtaining the license.
Layla Razavi, policy director of the California Immigrant Policy Center, told the news outlet around one million people have obtained an AB 60 in the state.
“If you are not one of the 83 individuals who received this notice from the DMV, then you were not impacted by an unauthorized disclosure,” she added.
The DMV also came under fire last year for long wait times and for potentially botching about 23,000 voter registrations under the state’s “motor voter” law, which lets residents automatically register to vote through the DMV.
The Associated Press contributed to this report.