A ransomware attack on a third-party vendor for the California Department of Motor Vehicles (DMV) may have affected users’ sensitive information. DMV stated that Automatic Funds Transfer Services (AFTS), which verifies vehicle registration addresses for local DMV customers, was hit by a cyberattack earlier this month, which may have affected California vehicle registration records of the last 20 months.
The exposed records contain names, addresses, license plate numbers, and vehicle identification numbers (VIN). However, DMV clarified that AFTS does not have access to the customers’ social security numbers, birthdates, voter registration, immigration status, and driver’s license information.
The DMV temporarily halted all data transfers to AFTS and notified the FBI and law enforcement authorities for further investigation on the incident. While there is no evidence whether any cybercriminal group misused the exposed data after the cyberattack, the DMV urged customers to report any suspicious incident.
“Data privacy is a top priority for the DMV. We are investigating this recent data breach of a DMV vendor to quickly provide clarity on how it may impact Californians. We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with,” said DMV Director Steve Gordon said.
Not the First Time!
Earlier, information of thousands of drivers was exposed in a data breach after the DMV was hit by a cyberattack that had gone unnoticed for four years. It was found that the social security information of 3,200 driver’s license holders was improperly accessed by federal agencies, including the Department of Homeland Security, Internal Revenue Service, Small Business Administration, and district attorneys in San Diego and Santa Clara counties.