Data Breach at DMV Contractor Exposes Vehicle Registration Data of Millions of Californians

The California Department of Motor Vehicles (DMV) is investigating a data breach at an address verification company that may have compromised vehicle registration information of millions of Californians.

Yesterday, the DMV started notifying vehicle owners that their registration records may have been exposed in a ransomware attack at the Automatic Funds Transfer Services (AFTS), a Seattle-based contractor the government agency uses.

The ransomware attack earlier this month”may have compromised information provided to AFTS by the DMV, including the last 20 months of California vehicle registration records,” the DMV said.

Potentially exposed data includes names, addresses, license plate numbers and vehicle identification numbers (VIN). Fortunately, AFTS had no access to Social Security numbers, date of birth, voter registration, immigration status or driver’s license information, and that information was not compromised in the breach, the DMV explained.

Once the DMV learned of the attack, it ceased transferring any further vehicle owner information to the AFTS, contracting a different vendor’s services to avoid affecting customer services.

The agency also notified law enforcement and the FBI, emphasizing that for the time, they found no indication that data records accessed in the AFTS ransomware attack were used for malicious purposes.

“Data privacy is a top priority for the DMV. We are investigating this recent data breach of a DMV vendor in order to quickly provide clarity on how it may impact Californians,” DMV Director Steve Gordon said. “We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with.”

Vehicle owners are advised to report any suspicious activity to local police.

Stop guessing what the internet knows about you. Find out with Bitdefender”s Digital Identity Protection tool!