IG: FMCSA IT Infrastructure at Risk of Compromise

The DOT inspector general's office wanted to find out if the Federal Motor Carrier Safety Administration's IT infrastructure contains security weaknesses.

Staff Writer・Editorial

Read Staff's Posts

October 22, 2021

IG: FMCSA IT Infrastructure at Risk of Compromise — Is the FMCSA vulnerable to hacking?
Photo: Public Domain

2 min to read

Three years after the Federal Motor Carrier Safety Administration’s new medical examiner’s registry was hacked, the agency’s information technology infrastructure is still at risk of being compromised, according to a new report from the Department of Transportation’s Inspector General’s office.

The FMCSA uses 13 web-based applications to aid vehicle registration, inspections, and other activities. Many of FMCSA’s information systems contain sensitive data, including personally identifiable information.

Although the IG’s report doesn’t cite a specific reason for its investigation, which began two years ago, the late 2017 hack of the registry is still causing delays in full implementation of the certified medical examiner program. While FMCSA said the hack was unsuccessful in that no personal information was exposed, the incident caused the agency to go back to the drawing board to develop a more secure portal.

According to its announcement, the inspector general's audit of FMCSA’s IT infrastructure was conducted because of the importance of FMCSA’s programs to the transportation system and sensitivity of some agency information. Its objective was to determine whether FMCSA’s IT infrastructure contains security weaknesses that could compromise the agency’s systems and data.

And it found them.

“We found vulnerabilities in several agency web servers that allowed us to gain unauthorized access to FMCSA’s network,” notes the IG’s report. “FMCSA did not detect our access or placement of malware on the network in part because it did not use required automated detection tools and malicious code protections. We also gained access to 13.6 million unencrypted [personally identifiable information] records. Had malicious hackers obtained this PII, it could have cost FMCSA up to $570 million in credit monitoring fees.”

The report also said FMCSA “does not always remediate vulnerabilities as quickly as DOT policy requires. These weaknesses put FMCSA’s network and data at risk for unauthorized access and compromise.”

The office made 13 recommendations, which it said the FMCSA concurred with. However, because publicizing the recommendations could constitute a security risk, the IG’s office did not disclose what those recommendations were.

Topics:U.S. DOT FMCSA Information Technology Cybersecurity Safety & Compliance

More Safety & Compliance

Disaster Response•by Jack Roberts•April 30, 2026

Avoiding Winter Pileups: Don’t Become the Next Link in the Crash-Chain

Winter roadway “pileups” aren’t one crash — they’re a chain reaction. Here’s what triggers them, how truck drivers can spot the danger early, and what to do if you're suddenly trapped in the mess.

Safety & Compliance•by Deborah Lockridge•April 29, 2026

FMCSA’s Motus System Is Coming. What Fleets Need to Know Now

The long-awaited registration system promises a single portal — and tighter fraud controls.

Fleet Management•April 24, 2026

Nominations Open for HDT Truck Fleet Innovators 2026

Heavy Duty Trucking is searching for forward-looking leaders at trucking fleets as nominations for HDT’s Truck Fleet Innovators 2026. Deadline is May 15.

Safety & Compliance•by News/Media Release•April 23, 2026

Freightliner Expands Detroit Assurance with New Intersection and Turning Safety Tech

Detroit’s next-generation ABA6 safety system adds cross-traffic detection and enhanced side guard assist with left-turn protection, targeting high-risk urban scenarios.

Fleet Management•by Deborah Lockridge•April 20, 2026

'Beyond Compliance,' Regulations, Driver Coaching on ATRI’s 2026 Research List

The American Transportation Research Institute will examine driver coaching, regulatory impacts — including the "Beyond Compliance" concept —and weather disruptions that shape trucking operations.

Illustration of colorful map of United States with DataQs website screen superimposed

Safety & Compliance•by Deborah Lockridge•April 15, 2026

FMCSA Revamps DataQs to Improve Fairness, Speed of Reviews

New requirements add firm deadlines and independent review steps, addressing long-standing complaints about inconsistent rulings and slow response times.

Illustration of driver medical exam paperwork over duotone background of a blood pressure check

Safety & Compliance•by Deborah Lockridge•April 14, 2026

FMCSA Extends Paper Medical Card Exemption … Again

Five states still aren't ready to accept commercial driver medical exam information directly from the medical examiner's registry.

Collage of Top 20 Product award ceremonies

Equipment•March 31, 2026

HDT Honors the Best New Products of 2025 at TMC [Photos]

Heavy Duty Trucking's Top 20 Products awards recognize the best new products and technologies. Check out the award presentations at the 2026 Technology & Maintenance Council annual meeting.

Detroit Engines: Trusted Performance, Built for What's Next

The Detroit® Gen 6 engine platform proves that real progress doesn’t require a complete redesign. Built on 20 years of trusted technology, these engines are designed for efficiency, stronger performance, and greater reliability than before. And they do it all while complying with 2027 EPA standards on every mile.

Safety & Compliance•by Jack Roberts•March 18, 2026

Aperia Expands Halo Platform with Steer-Tire Inflation System, Fifth-Wheel Integration

Aperia Technologies introduced a new automatic tire inflation system for steer axles and a partnership with Fontaine Fifth Wheel to integrate coupling status into its Halo Connect platform.

View All →