A potential security breach of everyone in Arizona’s driver’s license database has been kept quiet for seven years, reports ProPublica.
“That really is outrageous,” says Mikel Longman, the former criminal investigations chief at the Arizona Department of Public Safety. “Every Arizona resident who had a driver’s license or state-issued ID card and all that identifying stuff is potentially compromised. That’s a huge breach.”
How did it happen and why didn’t Longman or other Arizona officials know about it?
After 9/11, a government contractor — a small Phoenix firm — had partnered with a Chinese businessman on facial recognition technology and the Chinese firm became responsible for hiring the “technology people.”
By 2007, the Phoenix company got a no-bid contract from the Maricopa County Sheriff’s Office, and the Chinese partner arranged to send Lizhong “Larry” Fan from Zhengzhou, China, to Phoenix to work in a counter-terrorism center in Phoenix.
For five months, Fan’s task was to program the facial recognition system. He brought his laptop to work with him and often took material to his rental home, according to ProPublica.
Fan had a minder, but she was a sheriff’s deputy not a technology wiz.
At work, “Fan had access to the center’s main network,” reports ProPublica, citing sources with first-hand knowledge of Fan’s work arrangements. “From there, he would have been able to see the directory of federal agents and state police working at the Arizona counterterrorism center.”
Then one day, Fan abruptly left for China, taking with him two laptops and additional hard drives.
It’s unclear what happened next, but, according to ProPublica the sheriff’s chief deputy and others were embarrassed and wanted to keep the whole thing quiet.
Longman received no warning of the possible breach. The attorney general of Arizona was not notified.
Read more at ProPublica here.