A data breach in **Flock Safety’s** camera software—widely deployed by law enforcement—resulted in unauthorized sharing of license plate and vehicle imagery with **federal immigration agencies** through pilot programs. While the breach did not affect the **Normal Police Department (Central Illinois)**, which adheres to the **Illinois Trust Act** (prohibiting non-criminal data sharing), other participating agencies inadvertently exposed data intended for combating **human trafficking and fentanyl distribution** to immigration enforcement. The leak stemmed from **lack of access protocols** in Flock Safety’s system, prompting the company to **pause all federal data-sharing pilots**.The compromised data includes **license plate records and vehicle images**, collected en masse by police departments. Although no direct financial or identity theft was reported, the breach raises concerns over **privacy violations**, **misuse of surveillance data**, and **potential targeting of undocumented individuals**. Flock Safety’s CEO acknowledged systemic gaps, while affected agencies face scrutiny over compliance with data-sharing laws. Periodic audits by departments like Normal PD aim to mitigate risks, but the incident highlights vulnerabilities in **third-party law enforcement tech partnerships** and the **unintended repurposing of surveillance data** for immigration enforcement.
TPRM report: https://www.rankiteo.com/company/flock-safety
"id": "flo5402154091125",
"linkid": "flock-safety",
"type": "Breach",
"date": "9/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': ['Multiple law enforcement '
'agencies (excluding Normal '
'Police Department)'],
'industry': 'Public Safety Technology / Law '
'Enforcement Software',
'name': 'Flock Safety',
'type': 'Private Company'},
{'customers_affected': 'None (data not shared)',
'industry': 'Law Enforcement',
'location': 'Normal, Illinois, USA',
'name': 'Normal Police Department',
'type': 'Government Agency'},
{'industry': 'Immigration Enforcement',
'location': 'USA',
'name': 'Unspecified Federal Immigration Agencies',
'type': 'Government Agency'},
{'industry': 'Public Safety',
'location': 'Central Illinois, USA',
'name': '32 Local Agencies (partnered with Normal '
'Police Department)',
'type': ['Government Agencies', 'Law Enforcement']}],
'data_breach': {'data_exfiltration': 'Yes (shared with unauthorized federal '
'agencies via pilot programs)',
'file_types_exposed': ['Images',
'Metadata (likely timestamp, '
'location)'],
'personally_identifiable_information': 'Indirect (license '
'plates linked to '
'vehicle owners)',
'sensitivity_of_data': 'Moderate (potential for tracking '
'individual movements; subject to '
'legal protections under Illinois '
'Trust Act)',
'type_of_data_compromised': ['License plate images',
'Vehicle location data']},
'description': 'A data breach in Flock Safety camera software, widely used by '
'law enforcement, leaked data to federal immigration agencies '
'through pilot programs aimed at combating human trafficking '
'and fentanyl distribution. The Normal Police Department '
'confirmed their data was not shared, adhering to the Illinois '
'Trust Act. Flock Safety has paused all federal data-sharing '
'pilots due to a lack of protocols.',
'impact': {'brand_reputation_impact': 'Moderate (public scrutiny over '
'data-sharing practices with federal '
'agencies)',
'data_compromised': ['License plate data', 'Vehicle images'],
'legal_liabilities': 'Potential violations of the Illinois Trust '
'Act for agencies that shared non-criminal '
'data',
'operational_impact': 'Pilot data-sharing programs paused; '
'reputational risk for Flock Safety and '
'participating agencies',
'systems_affected': ['Flock Safety camera software',
'Pilot program data-sharing systems']},
'investigation_status': 'Ongoing (internal review by Flock Safety; no '
'external investigation mentioned)',
'lessons_learned': ['Importance of clear protocols for data-sharing pilot '
'programs, especially with federal agencies.',
'Need for robust auditing mechanisms to prevent '
'unauthorized data access.',
'Legal risks of sharing law enforcement data with '
'immigration agencies without proper safeguards.'],
'motivation': 'Unintentional (operational oversight in pilot programs for '
'combating human trafficking and fentanyl distribution)',
'post_incident_analysis': {'corrective_actions': ['Pausing all federal '
'data-sharing pilots.',
'Reviewing and '
'strengthening data-sharing '
'policies.',
'Enhancing audit procedures '
'(as demonstrated by Normal '
'PD).'],
'root_causes': ['Lack of formal protocols for '
'federal data-sharing pilot '
'programs.',
'Inadequate oversight of data '
'access by federal agencies.',
'Potential misalignment between '
'pilot program goals and legal '
'requirements (e.g., Illinois '
'Trust Act).']},
'recommendations': ['Implement stricter access controls and audit trails for '
'data-sharing programs.',
'Conduct privacy impact assessments before launching '
'pilot programs with federal agencies.',
'Enhance transparency with local agencies and the public '
'regarding data-sharing practices.',
'Ensure compliance with state laws (e.g., Illinois Trust '
'Act) in all data-sharing agreements.'],
'references': [{'date_accessed': '2025',
'source': '25News Now',
'url': 'https://www.25newsnow.com'}],
'regulatory_compliance': {'regulations_violated': ['Illinois Trust Act '
'(potential violations by '
'agencies sharing '
'non-criminal data)']},
'response': {'communication_strategy': ['Public statement by Flock Safety CEO '
'Garrett Langley',
'Media statements by Normal Police '
'Department PIO Brad Park'],
'containment_measures': ['Paused all pilot data-sharing programs '
'with federal agencies'],
'enhanced_monitoring': ['Periodical audits to ensure compliance '
'with data-sharing policies (Normal PD)'],
'remediation_measures': ['Review and implementation of '
'data-sharing protocols']},
'stakeholder_advisories': ['Public statements by Flock Safety and Normal '
'Police Department'],
'title': 'Flock Safety Camera Software Data Breach Involving Federal '
'Immigration Agencies',
'type': 'Data Breach / Unauthorized Data Sharing',
'vulnerability_exploited': 'Lack of data-sharing protocols in pilot programs'}