SACRAMENTO, Calif. — The California Department of Motor Vehicles (DMV) is warning customers that some of their personal information may have been accessed following a data breach at a company the DMV contracts to verify vehicle registration addresses.
According to the DMV, the ransomware attack happened in early February at Automatic Funds Transfer Services, Inc. (AFTS), a Seattle-based company with which the DMV has contracted since 2019 to ensure vehicle registration renewal notices are mailed to a customer’s current address.
Customer records that may have been stolen include names, addresses, license plate numbers, and vehicle identification numbers over the last 20 months, the DMV said.
No DMV systems were breached in the attack, officials said, and customers’ Social Security numbers, birthdates, voter registration, immigration status or driver’s license information was not compromised.
“Data privacy is a top priority for the DMV. We are investigating this recent data breach of a DMV vendor in order to quickly provide clarity on how it may impact Californians,” DMV Director Steve Gordon said. “We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with.”
The DMV stopped all data transfers to AFTS as soon as the breach was discovered. This incident is now under investigation by the Federal Bureau of Investigation (FBI).
In a statement about this incident, officials said, in part, “While the DMV Investigations branch has no indication at this time that information accessed by the ransomware attack on AFTS has been used by the attackers for any nefarious reason, the DMV urges customers to report any suspect activity to law enforcement. The DMV will continue to monitor the situation and work with the appropriate law enforcement agencies.”