On March 27th, 2019, the SBTC Reported a Data Breach by the UCR Board of Directors to the Secretary of Transportation's USDOT Privacy Officer and the FMCSA Administrator. On March 29th, 2019, the FMCSA's Counsel's Office responded, advising the SBTC the agency is investigating the matter.
Date: Fri, Mar 29, 2019 4:45 pm
Cc: "Gutierrez, Avelino" <[email protected]>, "[email protected]" <[email protected]>, "[email protected]" <[email protected]>, "[email protected]" <[email protected]>, "Chao, Elaine L." <[email protected]>, "Martinez, Raymond P. (FMCSA)" <[email protected]>, "Privacy, OST (OST)" <[email protected]>, "[email protected]" <[email protected]>
Subject: RE: [EXT] Unauthorized use and public release of my Social Security Number by the UCR Plan
Mr. Lamb,
FMCSA takes your concerns below regarding the alleged release of your SSN by USDOT/FMCSA very seriously. We are investigating this incident and will take the necessary steps to address the matter.
Charles J. Fromm
Deputy Chief Counsel
Federal Motor Carrier Safety Administration
SBTC Blows Whistle on UCR Board's Alleged Public Exposure of Truckers' Social Security Numbers
The Small Business in Transportation Coalition (SBTC) has alleged it has discovered that the Unified Carrier Registration (UCR) Board of Directors has exposed --in their entirety-- truckers' social security numbers that were provided to the United States Department of Transportation (USDOT) in connection with applications for USDOT Numbers and thereafter released by USDOT to the UCR Board, in violation of Federal Law and its privacy policy. SBTC has reported the violations to the USDOT Office of the Inspector General, the USDOT Privacy Director, USDOJ, and Congressional Oversight Committees.
"This is a very serious matter... the integrity of truckers' personally identifiable information has been compromised due to an irresponsible data security breach by the UCR Board in violation of Federal Law, the USDOT's privacy policy, and the Board's own privacy policy."
--SBTC President James Lamb
WASHINGTON (PRWEB) March 27, 2019
James Lamb, the president of the Small Business in Transportation Coalition ("SBTC"), a 501(c)(6) non-profit business league operating through the domain
http://www.truckers.com
announced today that his transportation industry watchdog trade group has reported to federal privacy officials that it has allegedly discovered that the Unified Carrier Registration ("UCR") Board of Directors ("Board") has been publicly releasing independent truckers' social security numbers through its website
http://www.ucr.gov
.
Lamb said the SBTC reported the matter to the United States Department of Transportation's ("USDOT") Office of the Inspector General ("OIG"), which, in turn, referred him to the USDOT Privacy Director. Accordingly, Lamb filed a complaint with the USDOT Privacy Director and the United States Department of Justice (USDOJ) on behalf of the trucking industry, alleging that the Federal Motor Carrier Safety Administration (FMCSA) has, for years through the Iteris "UCR Link" system, been releasing truckers' social security numbers to the UCR Board of Directors through its tech platform contractors Indiana Department of Revenue and SeikoSoft, which implements the interstate UCR Agreement, and that the Board since March 1, 2019, has been making truckers' social security numbers publicly available through the Board's website
http://www.ucr.gov
hosted by SeikoSoft.
"This is a very serious matter," Lamb said, "and if the information has been leaked, the integrity of truckers' personally identifiable information may be compromised due to a possible data security breach by the UCR Board in violation of Federal Law, the USDOT's privacy policy, and the Board's own privacy policy. Truckers should be able to release their sensitive information to the government and rest assured that the FMCSA and Board will protect the confidentiality and sanctity of their most sensitive personal information. Clearly the FMCSA and UCR Board have violated the public's trust and have failed to do so in this instance. As a result hundreds of thousands of independent truckers' data have been potentially exposed over the past month, making these truckers susceptible to identity theft."
Lamb said the SBTC's lobbyist has today notified the Congressional oversight committees and has requested an investigation into this matter.
"The SBTC is ever on the look-out for government fraud, waste, mismanagement, and abuse. That includes private non-profit organizations like the UCR Plan charged with administering interstate agreements. It is the policy of the SBTC to expose all unlawful activities and improprieties by government agencies and private entities alike." Lamb added.
In the interest of protecting truckers' information, Lamb said he would leave it to the USDOT to advise the public how, specifically, the breach occurred to afford the government time to effect termination of the Board's alleged release of information. Truckers concerned that their social security numbers may have been publicly exposed in violation of the Federal Privacy Act of 1974 may contact USDOT via privacy(at)dot.gov and/or the USDOJ: privacy(at)usdoj.gov.
