A report from the Colorado State Auditor reveals that the state DMV’s data security system is so flawed that it puts the personal information of 3.4 million driver’s license and state ID cardholders at risk of identity theft or fraud. The State Auditor told the Colorado legislature that, among other things, the Colorado DMV “does not have adequate processes for mitigating the risk of employee-perpetrated fraud or measuring the effectiveness of its improvements to the issuance system” and “the Department’s management of information security is fragmented, disorganized, and poorly planned.”
The State Auditor explained that the DMV transmitted large batches of personally identifiable data unencrypted. “These batch transmissions could be intercepted by unscrupulous individuals and expose Colorado residents to identity theft and other criminal activity.” A significant problem is that “the Department lacks a tracking mechanism for collecting and analyzing statistics on the effectiveness of its controls for preventing fraudulent issuances [of licenses or ID cards]. As such, the Department cannot determine whether additional controls or system enhancements are needed.”
Under the REAL ID national identification system being pushed by the US Department of Homeland Security, the databases of 56 states and territories would be linked, allowing any individual state to access all of the others’ information. This massive, centralized system would include the personal data of 245 million license and ID cardholders nationwide. It would be a tempting target for identity thieves, because if a criminal could break just one state’s data security system, then he would have access to the sensitive data retained by all 56 states and territories.