California's Department of Motor Vehicles on Tuesday acknowledged that it inappropriately shared personal information regarding 3,200 customers with seven outside law enforcement, immigration, and administrative agencies over the past four years.
The district attorney offices for Santa Clara and San Diego counties inappropriately accessed personal identifying information related to the 3,000 DMV customers, the state said.
Another 200 DMV customers had their Social Security information wrongfully shared with and reviewed by the Department of Homeland Security, Internal Revenue Service, Small Business Administration Office of Inspector General, Social Security Administration Office of Inspector General and California Department of Health and Human Services.
Eighty-three of the DMV customers were undocumented immigrants.
The DMV said just six undocumented immigrants who applied for driver's licenses had their personal information accessed by Homeland Security. Under Assembly Bill 60, a California law approved in 2013, the DMV must offer licenses to people without Social Security numbers.
While "data breach" notices are being sent out to the 3,200 customers, DMV Spokeswoman Anita Gore said the incident "is not a data breach in the general understanding of breaches," because "the disclosure of this information by the DMV did not involve hacking or sharing information with private individuals or entities."
In the letters going out to customers, the DMV says it discovered the mistake in August. During the regular course of business, state and federal agencies may obtain drivers' license information from the DMV. Upon request, the DMV may also grant access to Social Security information.
You have free articles remaining.
"Prior to DMV providing access, each government agency must indicate the purposes for which the agency requires access and must indicate the legal authority allowing the agency access to social security information," the letter reads. "In this instance, DMV improperly allowed a small number of government agencies ... access to Social Security number information due to a misinterpretation of federal law."
The DMV said it has since shut off the agencies' access to the Social Security information.
The improperly obtained materials included whether a Social Security number was unverified or a driver's license applicant was ineligible for a Social Security number. It did not explicitly spell out whether a person was ineligible because of citizenship status, according to the DMV.
The latest technical error from the DMV is the first to come to light under the leadership of Steve Gordon, the new DMV director who took over in August.
Gordon, who has called his department's IT infrastructure "alarming," came to the DMV with a technology background and vowed to improve the department's antiquated systems. In a statement, Gordon's department vowed to do better.
"Protection of personal information is important to DMV, and we have taken additional steps to correct this error, protect this information and reaffirm our serious commitment to protect the privacy rights of all license holders," Gore said in a statement.