The personal information of over 30,000 truck drivers and carriers were exposed on the Unified Carrier Registration Plan (UCR) website.
According to a statement posted by the UCR, a vulnerability on its website “could have potentially exposed” the sensitive information of approximately 23,000 truck drivers and 7,000 carriers.
After logging in to the UCR website, users’ Tax ID information was displayed in the URL of the web page that users were taken to. The vulnerability was discovered on March 28th and was remedied the same day. But from March 1st through March 28th, user data was vulnerable.
Since some owner-operators use their SSN instead of a Tax ID number, that is the information that was displayed instead. According to UCR, the agency will be notifying all of those whose Social Security Numbers were exposed.
UCR says that there is “no indication that a mass export” of data occurred during the vulnerability. They also claim that they’re “confident” that there is no further risk of exposure.
If you have questions about the incident, you can contact the agency at email@example.com.