California DMV Halts Data Transfers After Vendor Breach

Written by

A recent cyber-attack on a company based in Seattle, Washington, may have compromised the data of millions of drivers residing in California.

The California Department of Motor Vehicles has contracted with Automatic Funds Transfer Services, Inc. (AFTS) since 2019 to cross-reference addresses with the national database as part of a process to ensure the addresses to which vehicle registration renewal notices are mailed are correct. 

According to a statement released by the DMV on Wednesday, data belonging to its customers may have been compromised when AFTS was hit with a ransomware attack earlier this month.

"Automatic Funds Transfer Services, Inc. (AFTS) of Seattle was the victim of a ransomware attack in early February that may have compromised information provided to AFTS by the DMV, including the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers (VIN)," said the DMV.

"AFTS does not have access to DMV customers’ Social Security numbers, birthdates, voter registration, immigration status or driver’s license information, therefore this data was not compromised."

Since learning of the security incident, the DMV has ceased all data transfers to AFTS and reported the cybercrime to law enforcement, including the Federal Bureau of Investigation.

“Data privacy is a top priority for the DMV. We are investigating this recent data breach of a DMV vendor in order to quickly provide clarity on how it may impact Californians,” said DMV director Steve Gordon.

“We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with.”

Officials at the DMV said that no evidence had come to light that California drivers' data stolen in the attack had been misused. 

“While the DMV Investigations branch has no indication at this time that information accessed by the ransomware attack on AFTS has been used by the attackers for any nefarious reason, the DMV urges customers to report any suspect activity to law enforcement," officials said in a statement seen by ABC News.

"The DMV will continue to monitor the situation and work with the appropriate law enforcement agencies.”

Statistics based on 2019 population estimates suggest that California, with more than 26 million licensed drivers, has more licensed drivers than any other state.

What’s hot on Infosecurity Magazine?