Deadline approaching for dealing with UCR data breach
November 8, 2019
•Land Line Staff
If you were affected by the Unified Carrier Registration data breach earlier this year, time is running out for you to take action to protect your identity.
Businesses organized as a limited-liability corporation have until next Saturday, Nov. 16, to contact UCR to sign up for identity theft protection for an individual who had their tax identification or Social Security number exposed during a data breach in March.
Companies that are organized as a sole proprietorship have until Jan. 16 to contact UCR for assistance with the breach. Approximately 23,000 carriers may have provided a Social Security number as a tax ID. About 12,000 organizations and 11,000 sole proprietors were potentially affected.
Tamara Young with OOIDA’s Permits and Licensing Department says the company has hired cyber security firm Kroll Information Assurance LLC to help provide identity protection services to anyone affected by the breach. UCR has sent letters to those who were affected.
“At this point, just make sure you keep an eye on your identity, your credit,” Young said in an interview with Land Line Now. “If you see you’re affected by this in any way, please make sure to contact the UCR.”
Last month, the agency reported a vulnerability in its system that from March 1 through March 28 caused a UCR registrant’s tax ID number to display in the status bar of the web browser of the receipt created when registering in the system.
UCR says it submitted a list of approximately 30,000 at-risk registrants to the Federal Motor Carrier Safety Administration for further assistance. UCR requested the agency run those entries through the Motor Carrier Management Information System database to determine the number of registrants who may have used a Social Security number as a tax ID number.
UCR says it is individually notifying those carriers about the data vulnerability and has mailed offers for identity monitoring services to the affected carriers. The UCR’s statement on the data breach says there is “no further risk of tax ID number exposure” and no indication that a “mass export of tax ID numbers occurred” during the period in question.
Young says organizations or owner-operators with an LLC or corporation have until Nov. 16 to contact the UCR to give them the names of those whose data may have been exposed. Individuals with sole proprietorship have until Jan. 16 to contact the UCR. The e-mail address is privacy@legal.UCR.gov, or contact Kroll Information Assurance at 877-300-6816.
News Anchor Terry Scruton contributed to this report.