Utah’s driver license database — which contains millions of names, birth dates, fingerprints and Social Security numbers — fell short of security and password standards, according to a report released Tuesday by the Utah State Auditor.
Tuesday’s report is the second in a two-part audit of Utah’s Driver License Division, announced in January. The initial report found that personal driver data had been inappropriately shared with other agencies. The latest findings — delayed to allow corrective action before public release — suggests the division was susceptible to a data breach by failing to deactivate the user accounts of some former employees and failing to enforce password rules like character types, character minimums, quarterly password replacement and user lockouts following unsuccessful password attempts.