ST. PAUL, Minn. (KMSP) - The Minnesota Department of Public Safety and state IT services confirmed 2 individuals conducted 55 unauthorized searches of the state driver’s license database. A forensic investigation identified 18 victims, who will be receiving notification letters in the mail.
The unauthorized access was first discovered on Aug. 2 and was stopped on Aug. 24. Data that may have been viewed includes:
Driver’s license number
Driver’s license photo
Date of birth
MN.IT is still investigating which other records may have been viewed, but confirmed Social Security numbers were not part of the search results.
There is no indication that the data accessed in these cases was used for any criminal purposes, but the affected individuals should review their credit reports on a regular basis.
Problem identified by member of public
The unauthorized access was discovered by a member of the public who found a website that allowed searches of the DVS database with access to data that should not be public. The access was disabled on Aug. 24.
How it happened
The access to that search function appears to be associated with a July 25 server reconfiguration that inadvertently removed the authentication process for authorized users.
In 2013, former Minnesota Department of Natural Resources data privacy expert John Hunt was charged with illegally using the driver’s license database to look up 19,000 records. Most of the records were women in the public eye, like TV news anchors, lawyers and athletes.