Earlier this year, the California Department of Motor Vehicles alerted drivers of a security breach.
The leak exposed the personal information of up to 40 million California drivers.
The affected data included almost two years’ worth of vehicle registration records.
This included the owner’s name, address, license plate, and VINs.
The California DMV blamed the leak on a billing contractor that was the victim of a ransomware attack.
As soon as the DMV learned of the leak, they stopped sharing information with the contractor.
The target of the hack was a company called Automatic Funds Transfer Services.
This is a Seattle company that handles billing and statement processing for the DMV.
In a statement the DMV said…
“While the DMV Investigations branch does not indicate at this time that information accessed by the ransomware attack on AFTS has been used by the attackers for any nefarious reason, the DMV urges customers to report any suspicious activity to law enforcement.”
In other words, they know there was a cyber-attack but don’t know what data was stolen.
And it doesn’t look like the DMV is going to put much effort into helping affected customers.
The reality is, as more things go digital, cyber-attacks will no doubt continue to increase.
In 2020, malware increased by 358% and ransomware increased by 435% compared to 2019.
That’s in one year.
And every minute, $2.9 million is lost to cybercrime – and this will only go up.
Cybercrime is projected to cost the world $10.5 trillion annually by 2025.
Over the past year, tech companies and governments have introduced health passports.
They see this as a way to reopen businesses and borders.
These are digital apps that are a way to prove vaccination without having to show a physical card.
For example, instead of a physical card, an airline could scan a QR code on your phone to verify medical records.
The European Union, Israel, Japan, and Singapore have considered vaccine passports.
States like California and New York are also looking into the technology.
And some tech companies are asking: “why stop there?”
There’s talk of expanding the vaccine passport technology to include other forms of digital ID.
For example, you have your social security card, and state driver’s license in a digital format on your phone in case you need it.
The argument is that it could help prevent ID theft.
But, there is no doubt this type of app or software would draw the interest of cyber hackers around the world and could be a giant mess.
In fact, here are a few factors the come into play when you put your identification documents into an app.
The private sector has stepped up to build this type of software but governments have lagged behind.
The problem is, private companies need to meet certain software standards.
Since 2019, 66% of companies say they have increased their budgets to meet cyber security regulations.
However, the government hasn’t kept up.
The government is terrible at cyber security. Just ask the more than 22 million Americans who had their security clearance information stolen by the Chinese. (I was one of them.)
So, I wouldn’t trust some government app.
Tech companies are extremely private when it comes to their products – just ask Apple.
Most likely, the tech companies don’t want to share the ingredients to their secret sauce.
But, this also means that users don’t know what security features and protections are in place.
If you are going to have an app for identification, the general public should know exactly what the app can and can’t do.
Plus, users need to know how it protects information.
If the app doesn’t clearly state how your information is stored, transferred, and used then I would avoid it.
Smartphone or cloud?:
If you are going to store important personal documents, is it better to have them just on your phone or in the “cloud” as well?
The reality is that the app would need to connect with your DMV, doctor, and many other organizations.
But you would have to trust that information is being securely transferred.
There would be security problems if your smartphone was stolen.
And there would be concern about the cloud service being hacked.
If the digital ID app connects with third parties, you want to make sure that it stays secure when dealing with all parties.
This bottom line is, as you can clearly see, putting all of your information into a “digital passport” could be highly dangerous.
I definitely wouldn’t be jumping on this bandwagon anytime soon and I wouldn’t let anyone talk you into being a guinea pig for this type of thing.
It’s a recipe for disaster and hackers will have a field day.