Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

California DMV Hit with Security Breach; Credit Info Stolen

By - Source: Toms IT Pro

The California DMV may have been a victim of a credit card breach, according to a post by Brian Krebs on KrebsOnSecurity. However, as usually happens in situations of this type, no one involved wants to confirm details, so not all information is available and additional updates are expected.

Online transactions are potentially involved, but no specific number of cards are known to be impacted by the breach. However, because it is estimated that more than 11.9 million online transactions occurred during 2012, the number is likely to have increased over the past year, so the potential exposure could be massive.

Krebs indicated that an alert sent by MasterCard to financial institutions indicated the date range of the possibly compromised transactions occurred between August 2, 2013 and January 31, 2014. The stolen data included card numbers, expiration dates, and the three-digit security code printed on the back of cards. A MasterCard representative, according to Krebs' post, later confirmed the alert, but not the details.

Krebs' report also indicated that the credit card processor, Elavon, could have been the source of the breach. However, in an update this morning, a representative of the parent firm of Elavon, U.S. Bank told Krebs "there has been no confirmation of a breach. We are in touch with the CA-DMV and the authorities to determine if there is an issue."

Amando Botello, DMV Public Information Office for the California Department of Motor Vehicles, released the following statement on March 22:

"The Department of Motor Vehicles has been alerted by law enforcement authorities to a potential security issue within its credit card processing services.

There is no evidence at this time of a direct breach of the DMV’s computer system. However, out of an abundance of caution and in the interest of protecting the sensitive information of California drivers, the DMV has opened an investigation into any potential security breach in conjunction with state and federal law enforcement.

In its investigation, the department is performing a forensic review of its systems and seeking information regarding any potential breach from both the external vendor that processes the DMV’s credit card transactions and the credit card companies themselves.

Protecting the identity and security of our customers is our highest priority and we fully understand the potential impact any breach of security can have. The department has implemented heightened monitoring of all DMV website traffic and credit card transactions. We will immediately notify any affected DMV customers as quickly as possible if we find any issue. DMV customers are also encouraged to closely monitor their credit card statements and transactions for any fraudulent or unusual activity and report it to their credit card company immediately.

DMV customers can continue to pay with cash, check, or money order in person at their local DMV office. Californians with questions about fraud or identity theft can access important information on through this DMV Identity Fraud Factsheet.

We will continue to provide consumer updates on our website as we gather more factual information.”

For more information and updates on California DMV's data breach visit