Full Report
The cameras will stay off until the Mountain View City Council can discuss how to handle the matter at a February 24 meeting, Police Chief Mike Canfield said in a letter to the community.
Analysis Summary
# Incident Report: Unauthorized Data Sharing by ALPR Vendor (Flock Safety)
## Executive Summary
The Mountain View Police Department proactively disabled 30 Flock automated license plate reader (ALPR) cameras after discovering that the vendor, Flock Safety, had shared the city's sensitive license plate data with unauthorized third parties. The vendor enabled a statewide lookup tool without city permission, which gave hundreds of California police departments access for 17 months, and out-of-state agencies illegally accessed data over several months. The primary response has been the immediate shutdown of the cameras pending a City Council review, while the Police Chief expressed a loss of confidence in the vendor.
## Incident Details
- **Discovery Date:** Prior to answering a public records request (January/February 2026 timeframe).
- **Incident Date:** Unauthorized access/sharing ran from around May 2024 (contract start) until discovery; the out-of-state access specifically occurred from August through November 2024.
- **Affected Organization:** City of Mountain View Police Department (MVPD).
- **Sector:** Government/Law Enforcement.
- **Geography:** Mountain View, California, USA.
## Timeline of Events
### Initial Access
- **Date/Time:** Contract began May 2024. Unauthorized features activated around this time or shortly after.
- **Vector:** Vendor misconfiguration/unauthorized feature activation within the Flock Safety platform.
- **Details:** Flock Safety enabled a statewide lookup tool without Mountain View's prior authorization, granting access to the city's data.
### Lateral Movement
- **Date/Time:** Statewide access active for approximately 17 months. Specific out-of-state access: August through November 2024.
- **Vector:** Platform-level feature enablement.
- **Details:** Hundreds of California police departments were able to search Mountain View's database via the enabled statewide tool. Additionally, out-of-state agencies gained illegal access to one camera's data.
### Data Exfiltration/Impact
- **Details:** Sensitive ALPR data belonging to Mountain View residents was searchable by unauthorized entities, including out-of-state agencies, potentially violating California law, which bans sharing ALPR data with out-of-state agencies and using it for immigration enforcement.
### Detection & Response
- **Date/Time:** Discovery occurred while preparing a response to a local news outlet's public records request.
- **Response actions taken:** Police Chief Mike Canfield ordered the immediate shutdown of all 30 Flock ALPR cameras. The decision to reactivate them is deferred to the February 24 City Council meeting.
## Attack Methodology
*Note: This incident involved a vendor platform configuration error rather than a traditional cyberattack, so the standard MITRE ATT&CK tactic headings below are applied to the unauthorized data disclosure mechanism.*
- **Initial Access:** Not applicable (Vendor relationship exploited).
- **Persistence:** Not applicable (Data sharing mechanism remained active).
- **Privilege Escalation:** Not applicable (Vendor used platform capabilities, bypassing agreed-upon access controls).
- **Defense Evasion:** The vendor failed to proactively disclose the existence of the access mechanisms.
- **Credential Access:** Not applicable (Access was granted via platform settings, not stolen credentials).
- **Discovery:** Not applicable (Data was exposed via a systemic platform feature).
- **Lateral Movement:** Enabled statewide data searching capability.
- **Collection:** ALPR location data/travel patterns.
- **Exfiltration:** Unauthorized searching and potential downloading of data by other agencies.
- **Impact:** Violation of local data sharing policies and state law concerning cross-jurisdictional and immigration data use.
## Impact Assessment
- **Financial:** Not disclosed.
- **Data Breach:** Sensitive ALPR data shared without consent; scope includes data captured over 17 months accessible to hundreds of agencies, plus exposure to out-of-state entities.
- **Operational:** ALPR surveillance capabilities immediately halted pending council review. Police operations utilizing this data stream are disrupted.
- **Reputational:** Public disappointment expressed; Police Chief stated loss of confidence in the vendor and apologized for "false assurances."
## Indicators of Compromise
- **Network indicators:** None disclosed (Related to internal platform sharing).
- **File indicators:** None disclosed.
- **Behavioral indicators:** Unauthorized querying of Mountain View's ALPR database by external agencies (statewide and out-of-state) occurring between May 2024 and January 2026.
## Response Actions
- **Containment measures:** Immediately turned off all 30 Flock automated license plate reader (ALPR) cameras.
- **Eradication steps:** In progress; awaiting vendor remediation/contract review.
- **Recovery actions:** Deferred pending City Council discussion on February 24 regarding vendor relationship and security posture.
## Lessons Learned
- **Key takeaways:** Reliance on vendor assurances regarding data access controls is insufficient; proactive, independent verification of security controls and access logs is necessary.
- **What could have been done better:** MVPD believed they had built-in protections that the vendor circumvented, highlighting the need for contractual specificity and technical audits demonstrating compliance with stricter local policies.
## Recommendations
- Conduct a thorough, potentially third-party, audit of any vendor platform that processes sensitive public data to confirm that access controls are enforced exactly as stipulated in the contract (e.g., confirming statewide tools are truly disabled).
- Establish internal technical mechanisms to monitor and alert on any unauthorized cross-jurisdictional data access attempts, rather than relying solely on vendor disclosure or public records requests.
- Review the contract with Flock Safety immediately and establish clear, measurable metrics for data transparency and access reporting.
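
One way to implement the monitoring recommendation above, shown as an added example that is not part of the original report and not vendor code. It assumes the agency can obtain a search audit export as CSV; the column names, agency names, and allow-list are hypothetical, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed audit export; column names are assumptions, not a vendor schema.
SAMPLE_AUDIT_CSV = """\
timestamp,searching_agency,agency_state,camera_id
2024-06-03T09:14:00,Mountain View PD,CA,cam-07
2024-08-19T22:41:00,Example County SO,TX,cam-12
2024-09-02T11:05:00,Example City PD,CA,cam-03
2024-09-15T13:30:00,Approved Neighbor PD,CA,cam-03
2024-11-07T03:12:00,Example County SO,TX,cam-12
"""

# Hypothetical allow-list: agencies the city has explicitly approved.
APPROVED_AGENCIES = {"mountain view pd", "approved neighbor pd"}
HOME_STATE = "CA"


def flag_unauthorized(csv_text, approved=APPROVED_AGENCIES, home_state=HOME_STATE):
    """Return one finding per search that violates the local sharing policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        agency = row["searching_agency"].strip()
        reasons = []
        if row["agency_state"].strip().upper() != home_state:
            reasons.append("out_of_state")
        if agency.lower() not in approved:
            reasons.append("agency_not_approved")
        if reasons:
            findings.append({
                "when": datetime.fromisoformat(row["timestamp"]),
                "agency": agency,
                "camera": row["camera_id"].strip(),
                "reasons": reasons,
            })
    return findings


def exposure_windows(findings):
    """Per agency: number of flagged searches and first/last time seen."""
    windows = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for f in findings:
        w = windows[f["agency"]]
        w["count"] += 1
        w["first"] = f["when"] if w["first"] is None else min(w["first"], f["when"])
        w["last"] = f["when"] if w["last"] is None else max(w["last"], f["when"])
    return dict(windows)
```

Running `exposure_windows(flag_unauthorized(...))` on each new export gives both an alert list and a per-agency exposure window that can be compared against what the vendor reports.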