Security Breach May Have Exposed DMV Drivers’ Personal Information
Sacramento, CA – A investigation is underway regarding a security breach that may impact certain California Department of Motor Vehicles (DMV) records.
In notifying drivers, DMV officials noted the alert was done out of an abundance of caution, as it was not the department’s systems that were hacked. The online attack targeted a company the DMV uses to verify vehicle registration addresses. State officials stressed that the department’s systems have not been compromised, but it is unknown if data shared with that company was exposed.
“Automatic Funds Transfer Services, Inc. (AFTS) of Seattle was the victim of a ransomware attack in early February that may have compromised information provided to AFTS by the DMV, including the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers (VIN),” relayed the DMV in a written press release, adding, “AFTS does not have access to DMV customers’ Social Security numbers, birthdates, voter registration, immigration status or driver’s license information, therefore this data was not compromised.”
A soon as the breach was detected, the DMV immediately stopped all data transfers to AFTS and notified law enforcement, including the Federal Bureau of Investigation.
“Data privacy is a top priority for the DMV. We are investigating this recent data breach of a DMV vendor to quickly provide clarity on how it may impact Californians,” DMV Director Steve Gordon said. “We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with.”
AFTS has been under contract with the DMV since 2019. It notifies the department whenever someone files a change of address with the U.S. Postal Service to ensure registration renewal notices go to that new address. The DMV does not use this service to verify driver’s license addresses, according to the department.
The DMV is initiating an emergency contract with a different address verification company to ensure there are no impacts to service. Currently, investigators have no indication that the hackers have used the stolen information for “any nefarious reason.” However, the DMV urges customers to report any suspicious activity to law enforcement. Department officials relay they will continue to monitor the situation and work with the appropriate law enforcement agencies.