
Cyber Incident Victim: Idaho Transportation Department

Date: Dec 2017

Location: United States of America

Summary

A state transportation department experienced a compromise of two email accounts, potentially exposing sensitive personal information of commercial truckers and associated companies registered within the state. The breach impacted approximately 140 individuals and entities, with compromised data including Social Security numbers and credit card details. The department identified and notified affected parties following the incident.


Description

In mid-December 2017, unauthorized actors breached two email accounts at the Idaho Transportation Department (ITD), potentially compromising sensitive personal information belonging to commercial truck operators registered in the state. The attack targeted ITD's Division of Motor Vehicles systems, exposing data that included Social Security numbers and credit card information. The department identified approximately 140 affected individuals and commercial entities whose private details were contained within the compromised email accounts. While the exact method of intrusion remained unspecified in public disclosures, the incident represented a significant breach of systems handling sensitive commercial driver records. ITD initiated an internal investigation upon discovering the email compromise, though the specific timeline between initial detection and full system assessment was not detailed in available reports. The breach exclusively impacted commercial trucking registrants rather than general driver's license holders or other departmental records.

The Idaho Transportation Department, under the direction of State Information Security Director Jeff Weak, formally notified all potentially impacted parties following its investigation into the email account breach. Notification occurred by February 2018, approximately two months after the mid-December attack was detected. Public disclosure emphasized the exposure of financial identifiers and government-issued identification numbers but did not specify whether fraudulent activity had occurred using the compromised data. ITD's response focused on individual notifications rather than broader public announcements beyond initial media reports. No information was released regarding whether law enforcement agencies were engaged or whether additional security measures were implemented for the email systems post-breach. The incident remained confined to email account access without evidence of wider network infiltration according to official statements.
