Utah DMV says ex-worker gave out confidential info

May 30 2013 - 3:47pm

SALT LAKE CITY -- The Utah Division of Motor Vehicles has fired an employee after discovering she had given out confidential information about people in the agency's system.

The agency became aware of the compromised information when the Salt Lake City Fire Department alerted them that the DMV employee had confessed during the course of another investigation to having released the confidential information, said Charlie Roberts, a spokesman for the Utah State Tax Commission, which oversees the DMV.

Fire officials were investigating a suspicious vehicle fire last year, Salt Lake City Fire Marshal Martha Ellis said.

Ellis said investigators had linked the fire to an earlier road rage incident where the victim had inadvertently cut off another driver. Witnesses later placed that other driver's car near the scene of the vehicle fire, and that led fire investigators to the DMV employee.

"When this landed in our lap, it was way beyond the scope of what we had anticipated finding," Ellis said.

The employee admitted that she had been illegally using her DMV access for 14 years and would routinely provide DMV information to other people with the understanding that it be used to commit crimes, Ellis said.

Fire investigators are still trying to determine if there's available technology to nail down the scope of the data accessed, she said.

DMV officials have no way of knowing exactly how many people had information revealed, Roberts, said, but the DMV is aware of two or three individuals who were targeted.

"From what we can determine, it appears to us that it was an isolated incident, but there's no way to track that," Roberts said.

The employee was put on administrative leave and then fired on March 11. Her name has not been released, but Roberts said she worked out of the main Utah State Tax Commission offices.

It appears she was the only employee engaging in that behavior, he said.

Ellis said the employee has not been charged yet. Fire investigators are still working with police and the district attorney's office to collect evidence. Roberts said investigators have taken the employee's work computer, hard drive and printer to determine what data may have been on it.

The incident is the second time this year that personal data kept by a state agency has been compromised. In January, a Utah Department of Health contractor lost a device containing personal information for about 6,000 Medicaid recipients.

Last year, hackers broke into a Health Department server containing personal data for about 780,000 people. The breach came after a technician placed the state's Medicaid server online without changing the factory password. Hackers then broke into the server and downloaded personal information, including Social Security numbers for about 280,000 people.

Since the March 2012 breach, the state has spent about $9 million on security audits, technology upgrades and credit monitoring for the victims.

Ellis said she hopes this latest incident will encourage other state agencies to look at how they're managing access to their data systems.


From Around the Web