Flock Safety ALPR Breach Exposes California License Plate Data to Out-of-State Agencies
A security lapse in Flock Safety’s automated license plate reader (ALPR) system has raised concerns over compliance with California’s strict privacy laws. The breach, disclosed by the Ventura County Sheriff’s Office (VCSO) on February 27, allowed federal and out-of-state law enforcement agencies to access local ALPR data despite state prohibitions on such sharing.
The VCSO, which serves unincorporated areas and contracting cities like Thousand Oaks and Simi Valley, reported that a vendor error reactivated the "national lookup" feature in early 2025, enabling unauthorized queries. Between February 19 and March 19, 2025, external agencies conducted over 364,000 searches of Ventura County’s ALPR data, with 299 queries explicitly linked to immigration enforcement violating California’s restrictions on sharing data for such purposes.
The Oxnard Police Department (OPD) also suspended its ALPR use after an audit revealed the same issue. Both agencies had previously disabled the national lookup feature in 2023 to comply with state law, but Flock’s system error reactivated it without their knowledge.
Flock Safety, which provides fixed-position ALPRs to multiple California jurisdictions, attributed the breach to a system change in March 2024 that inadvertently reintroduced the feature. The company has since implemented internal safeguards, while the VCSO has added daily audits to monitor system settings and access logs.
The incident underscores ongoing tensions between law enforcement technology and privacy regulations, particularly in states with strict data-sharing restrictions.
Source: https://www.toacorn.com/articles/county-license-plate-readers-mined-for-data/
Flock Safety TPRM report: https://www.rankiteo.com/company/flock-safety
Ventura County Sheriff’s Office TPRM report: https://www.rankiteo.com/company/ventura-county-sheriff’s-office
"id": "floven1772764366",
"linkid": "flock-safety, ventura-county-sheriff’s-office",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Residents of unincorporated '
'Ventura County and contracting '
'cities (e.g., Thousand Oaks, '
'Simi Valley)',
'industry': 'Public Safety',
'location': 'Ventura County, California, USA',
'name': 'Ventura County Sheriff’s Office (VCSO)',
'type': 'Government / Law Enforcement'},
{'customers_affected': 'Residents of Oxnard, California',
'industry': 'Public Safety',
'location': 'Oxnard, California, USA',
'name': 'Oxnard Police Department (OPD)',
'type': 'Government / Law Enforcement'},
{'customers_affected': 'Multiple California '
'jurisdictions using Flock '
'Safety ALPRs',
'industry': 'Technology / Surveillance',
'location': 'Atlanta, Georgia, USA',
'name': 'Flock Safety',
'type': 'Private Company'}],
'attack_vector': 'Vendor Error / Misconfiguration',
'data_breach': {'number_of_records_exposed': '364,000+ unauthorized searches',
'personally_identifiable_information': 'License plate numbers '
'(indirectly linked to '
'individuals)',
'sensitivity_of_data': 'High (location tracking, potential '
'linkage to individuals)',
'type_of_data_compromised': 'License plate data, location '
'data, and associated metadata'},
'date_detected': '2025-02-19',
'date_publicly_disclosed': '2025-02-27',
'description': 'A security lapse in Flock Safety’s automated license plate '
'reader (ALPR) system allowed federal and out-of-state law '
'enforcement agencies to access local ALPR data despite '
'California’s strict privacy laws prohibiting such sharing. '
'The breach was disclosed by the Ventura County Sheriff’s '
'Office (VCSO) on February 27, 2025, and involved over 364,000 '
'unauthorized searches, including 299 queries linked to '
'immigration enforcement.',
'impact': {'brand_reputation_impact': 'Negative impact on Flock Safety’s '
'compliance with state privacy laws',
'data_compromised': 'License plate data and associated metadata',
'legal_liabilities': 'Potential violations of California privacy '
'laws (e.g., SB 34, AB 328)',
'operational_impact': 'Suspension of ALPR use by Oxnard Police '
'Department',
'systems_affected': 'Flock Safety ALPR system'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Need for stricter vendor oversight, regular audits of '
'system configurations, and compliance with state-specific '
'privacy laws. Highlights risks of automated system '
'updates reactivating disabled features.',
'post_incident_analysis': {'corrective_actions': 'Disabled national lookup '
'feature, implemented daily '
'audits, added internal '
'safeguards at Flock Safety.',
'root_causes': 'Vendor error (Flock Safety) '
'reactivating a disabled feature '
'during a system update in March '
'2024, lack of automated alerts for '
'configuration changes, '
'insufficient oversight of system '
'settings.'},
'recommendations': ['Implement automated alerts for system configuration '
'changes',
'Conduct regular audits of access logs and system '
'settings',
'Enhance vendor accountability for compliance with state '
'laws',
'Develop stricter protocols for sharing ALPR data with '
'out-of-state agencies'],
'references': [{'source': 'Ventura County Sheriff’s Office Disclosure'},
{'source': 'TechCrunch / CyberScoop (assumed media coverage)'}],
'regulatory_compliance': {'regulations_violated': ['California SB 34',
'California AB 328']},
'response': {'communication_strategy': 'Public disclosure by VCSO on February '
'27, 2025',
'containment_measures': 'Disabled national lookup feature, '
'implemented daily audits of system '
'settings and access logs',
'enhanced_monitoring': 'Daily audits of system settings and '
'access logs',
'remediation_measures': 'Flock Safety implemented internal '
'safeguards to prevent recurrence'},
'stakeholder_advisories': 'California law enforcement agencies using Flock '
'Safety ALPRs advised to audit system settings and '
'access logs.',
'title': 'Flock Safety ALPR Breach Exposes California License Plate Data to '
'Out-of-State Agencies',
'type': 'Data Breach',
'vulnerability_exploited': 'System misconfiguration reactivating disabled '
'feature'}