Has Flock Been Hacked?

Has Flock Been Hacked?

No, Flock’s cloud platform has not been hacked. There has not been a leak of Flock information.

Flock’s cloud infrastructure has never been compromised. There has never been an incident in which customer data was accessed or exfiltrated by an attacker. This is not a matter of semantics or technical spin; it reflects Flock’s actual security record since its inception.

Claims suggesting otherwise often stem from misunderstandings about how Flock’s technology works, confusion between theoretical vulnerabilities and real-world exploitation, or mischaracterizations of independent security research. None of those claims points to a real breach.

“Security is never done,” said Flock CEO Garrett Langley. “It’s a commitment. And at Flock, it’s one we invest in every day.”

Has Flock Ever Had a Data Breach?

No, Flock Safety’s cloud platform has never experienced a data breach, and no customer data has ever been compromised.

From the beginning, Flock was designed around the core principle that customers own and control their data. That design choice significantly reduces systemic risk.

Flock does not maintain a centralized database of license plate reader data across customers. We do not sell or monetize vehicle data, and we do not share customer data without the customer's explicit authorization.

Every Flock customer, whether a city, county, law enforcement agency, neighborhood, school, or business, retains full ownership and control of the data collected on their behalf. Customers decide:

• Who can access their data
• How the data can be used
• How long data is retained
• Whether it is shared with another agency or organization
  ‍

There is no automatic data sharing. Customers are never enrolled in sharing relationships by default, and any sharing permissions can be revoked at any time.

This local-control model ensures decisions about data use remain aligned with local law, policy, and community expectations.

Addressing Security Research Transparently

On November 5, 2025, an independent security researcher published a white paper that compiled previously disclosed security findings related to Flock’s hardware and software.

Here’s what’s important to understand:

• The researcher worked with Flock throughout the study and disclosed the findings to us earlier in 2025.
• Flock issued a customer advisory, registered relevant vulnerabilities with the National Vulnerability CVE database via MITRE, and publicly disclosed information in line with industry best practices.
• The report did not identify any breach, compromise of customer data, or real-world exploitation.
  ‍

The theoretical vulnerabilities described were highly technical and would have required physical access to a device along with detailed knowledge of its internal hardware. No vulnerability affected customers’ ability to use Flock systems, and no customer action was required.

“When we are made aware of vulnerabilities, even when they are immaterial, we actively report them ourselves and develop a mitigation plan,” said Langley.

Responsible security research strengthens technology when it is handled transparently. Flock welcomes that scrutiny and engages with researchers in good faith to improve our systems over time.

How Secure Are Flock’s Cameras and Data?

Flock’s license plate readers and supporting systems are built with layered security, legal compliance, and local control at the core.

Customer-Owned Data by Design

Customers decide how their data is used, not Flock.

There are no back doors or hidden access paths. Federal, state, or neighboring agencies cannot access data unless a customer explicitly approves it. Flock employees do not access customer data except in tightly controlled, audited circumstances for support or maintenance.

This approach avoids centralization and preserves autonomy at the most local level possible.

Built-In Privacy Protections

Flock’s license plate readers (LPRs) are intentionally limited in scope:

• LPRs capture point-in-time images of vehicles on public roadways
• LPRs do not track vehicles continuously
• LPRs do not use facial recognition
• LPRs cannot search for personal traits such as race or gender
• LPRs do not collect personally identifiable information like names, addresses, or DMV records
  ‍

Images that are not used in an investigation are automatically deleted. The standard retention is 30 days unless a customer requires otherwise in accordance with local law or policy.

More details about these safeguards are available on our Privacy & Ethics page.

What Is Flock Doing to Prevent Hacks or Data Breaches?

Flock continuously invests in safeguards that evolve alongside technology, law, and customer expectations.

Flock technology includes Multi-Factor Authentication (MFA) by default and encourages all users to adopt MFA or Single Sign-On (SSO). Additional MFA methods are planned for rollout in 2026 to further strengthen account security.

To support this work, Flock recently welcomed Chief Information Security Officer Chris Castaldo, a seasoned security leader with experience scaling technology companies and serving at the National Security Agency.

“Throughout my conversations, it was clear that cybersecurity is deeply embedded in Flock’s success, from the investment in the team to the way the security function is structured within the legal organization to ensure risk is managed holistically across the business, with executive visibility and accountability,” said Castaldo.

Secure by Design

Flock actively aligns with CISA’s Secure by Design principles and engages with CISA to strengthen both device and platform security. Because devices are maintained by Flock on behalf of customers, we can deploy updates and fixes quickly, without placing additional burden on agencies or organizations.

Our teams continuously evaluate:

• Hardware security
• Software vulnerabilities
• Cloud infrastructure
• Access controls
• Audit logging
  ‍

Findings are prioritized by risk, remediated, and transparently disclosed when appropriate.

Transparent Governance and Accountability

Flock works with customers to define clear contractual language covering:

• Data security obligations
• Auditability
• Sharing controls
• Retention policies
  ‍

Collaboration between agencies, local, state, or federal, happens only when customers choose it and only within legal bounds. This enables coordination on serious crimes, such as human trafficking or multi-jurisdictional investigations, without eroding local autonomy or trust.

Continuous Improvement

Flock’s security program is designed for continuous improvement.

Flock:

• Registers vulnerabilities through MITRE when applicable
• Publishes customer advisories
• Remediates issues through hardware and software updates
• Engages researchers, policymakers, and advocacy groups transparently

Learn More

Flock partners with more than 6,000 communities nationwide to support informed, transparent public safety decisions that reflect local values. Trust is earned through clarity, accountability, and action, and we remain committed to all three.

To explore further:

• Visit our Privacy & Ethics page
• Read our Security Updates
• Learn how built-in safeguards support responsible use in our blog: Search Safeguards: How Flock’s Search Filters Work
  ‍

If you have security-related questions, contact securityquestions@flocksafety.com.