A security breach at the California DMV has exposed the information of millions of people.
KPIX-5 reports a third-party company the DMV hired to verify addresses was the victim of a ransomware attack, which may have compromised vehicle registration information for the past 20 months.
“There’s no financial information involved,” DMV spokesperson Anita Gore told KPIX-5. “We know that this third party had a ransomware attack, they held on to some of our information, but we have no indication that anyone’s done anything nefarious with that information.”
The breach happened at Automatic Funds Transfer Services, a Seattle-based company.
Gore says the breach did not include any social security numbers, drivers' license numbers, or financial information. The information was the type you would find on a vehicle registration: name, address, license plate number, and vehicle registration number.
The DMV has ended its contract with AFTX and is notifying people who were affected.
Armen Najarian with RSA Security told KPIX-5 that regardless of whether or not the breach included sensitive information, it is still a concern.
“This is a type of attack that we’ve been following for a long time and this is what I would call a supply chain exploit.”
By attacking smaller suppliers that haven’t invested in security technology, thieves are getting back door access to information.
“It’s death by a thousand cuts. And that’s the concern, that yet another important bit of information is now out there circulating among the organized fraud communities,” said Najarian.
He says the information could be used to file fraudulent claims.
The DMV says people who were impacted should watch for suspicious activity; for example, receiving a form that asks them to confirm a change of address.
Related
