Audit Reveals Vehicle Database Breach
Get Breaking News First
ST. PAUL, Minn. (WCCO) — When vehicle owners renew their titles or license plates, all that information is kept in a central computer. It’s known as the Minnesota Driver and Vehicle Services (DVS) database.
It includes such personal information as the registered owner’s name, address and date of birth, as well as the vehicle’s description and identification number (VIN). However, it does not include Social Security information.
But on Friday the Public Safety Department revealed that a recent DVS internal audit discovered illegal access to the information.
Bruce Gordon, a DPS spokesperson, said the audit was triggered by an increase in use by a particular login account.
The vehicle registration data was accessed by an employee of an auto repossession company, Gordon said. Repo companies are not among the auto dealers in the state given access to the information.
Why the company wanted the personal information and was willing to get it illegally is still under investigation.
“Our audit’s preliminary information indicates that somebody who was authorized to use this data (and access the database) provided that login information to somebody who was not authorized,” Gordon said.
It appears that an authorized user, an employee at an auto dealership, gave the account login information to someone at a repossession company. That company accessed the data 3,700 times and triggered the red flag.
Under state law, only auto dealerships are given access to the registration records as a way to prove title and legitimacy on the vehicles they sell and trade.
The Public Safety Department will send out letters to all affected by the information breach.
If Randall Hughes gets a letter, he won’t be happy.
“I’d be extremely upset, especially if it involved identity theft,” he said.
Investigators won’t identify which dealership is involved or why the employee gave login information to an unauthorized user.
However, Gordon says the state is notifying title owners to ease any fears. Also, there is no evidence the information was used in a criminal way.