DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UCR vulnerability may have exposed private information

Posted on October 29, 2019 by Dissent

Seen on Landline:

A problem with the Unified Carrier Registration plan’s website may have exposed Social Security or Tax ID numbers for thousands of users. UCR indicated that the vulnerability existed between March 1st and March 28th, 2019. The information exposed includes 23,000 Social Security numbers.

After a bit of searching, I found the actual notice from UCR, which I am embedding below. The undated notice has a metadata creation data of October 21. It notes that once UCR became aware of the problem on March 28, they eliminated the vulnerability by removing the use of Tax ID numbers in the National Registration System. Their investigation also found that there was no indication of any mass exfiltration of data during the vulnerable period in March.  The The exposure was limited to the exposure of a Tax ID number in the status bar of the web browser of the registration receipt.

There is no explanation of why there is such a long delay from March to October 21 to issue the notification disclosure, but UCR did report the incident to the Federal Motor Carrier Safety Administration (FMCSA), who then asked them to run the 30,000 entries during the vulnerable time period through FMCSA’s MCMIS
database to determine the number of registrants who may have provided a Social Security Number to the database as the Tax ID number.  That analysis revealed that 23,000 individuals did use their SSN as their Tax ID. Those individuals have recently been sent notification letters offering them identity monitoring services.

UCR-Data-Investigation-Press-Release
Category: ExposureGovernment SectorU.S.

Post navigation

← ‘C.L.O.U.D.’s On the Horizon: How Law Enforcement Electronic Data Requests Are Going Global
Details for 1.3 million Indian payment cards put up for sale on Joker’s Stash →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.