Sacramento – A company used by the California Department of Motor Vehicles to verify vehicle registration addresses has had a security breach, and the DMV is notifying customers out of an abundance of caution.
Automatic Funds Transfer Services, Inc. of Seattle was the victim of a ransomware attack in early February that may have compromised information provided to AFTS by the DMV, including the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers, and vehicle identification numbers.
AFTS does not have access to DMV customers’ Social Security numbers, birthdates, voter registration, immigration status, or driver’s license information, therefore this data was not compromised.
Upon being notified of the potential security breach, the DMV immediately stopped all data transfers to AFTS and notified law enforcement, including the Federal Bureau of Investigation.
“Data privacy is a top priority for the DMV. We are investigating this recent data breach of a DMV vendor in order to quickly provide clarity on how it may impact Californians,” DMV Director Steve Gordon said. “We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with.”
The DMV has contracted with AFTS since 2019 to cross-reference addresses with the national database – which gets updated whenever someone files a change of address with the U.S. Postal Service National Change of Address Database – to ensure vehicle registration renewal notices are mailed to a customer’s current address. The DMV does not use this service to verify driver’s license addresses.
The DMV is initiating an emergency contract with a different address verification company to ensure there are no impacts to customer service. The DMV is reviewing processes with AFTS to determine the further security enhancements needed to prevent future breaches.
While the DMV Investigations branch has no indication at this time that information accessed by the ransomware attack on AFTS has been used by the attackers for any nefarious reason, the DMV urges customers to report any suspicious activity to law enforcement.
The DMV will continue to monitor the situation and work with the appropriate law enforcement agencies.
REAL NAMES ONLY: All posters must use their real individual or business name. This applies equally to Twitter account holders who use a nickname.
You can be the first one to leave a comment.