The Unified Carrier Registration Plan (UCR) has reported that the tax identification numbers of registrants may have been exposed during March due to “a website vulnerability (that) existed in its online National Registration System.”
From March 1 through March 28, “a UCR registrant’s Tax ID number was displayed in the status bar of the web browser of the receipt created upon completion of the registration process in the National Registration System. Immediately upon learning of the website vulnerability on March 28, the UCR eliminated the website vulnerability by completely removing the use of Tax ID numbers in the National Registration System.
“Shortly thereafter, the UCR hired a leading independent cybersecurity firm to perform a forensic investigation into the event.” The audit found that approximately 30,000 identification numbers may have been exposed, but, “There is no indication that a mass export of Tax ID numbers occurred.”
UCR said it submitted the list of breached numbers to the Federal Motor Carrier Safety Administration, which determined that 23,000 of the registrants used Social Security numbers as their tax identification. UCR said it will “individually notify this pool.”
The announcement continued, “As of today, the UCR is confident that there is no further risk of Tax ID number exposure. The issue has been resolved since the afternoon of March 28, 2019, and no future occurrence of displaying the Tax ID numbers of registrants can occur.”
Further information can be requested at privacy@legal.ucr.gov.
The UCR is an independent interstate compact responsible for developing, implementing and administering the National Registration System.
