SACRAMENTO, Calif. (KGET) — The California Department of Motor Vehicles on Wednesday notified customers of a security breach in a company it uses to verify vehicle registration addresses.
It’s unknown if vehicle information data was compromised, the DMV said, and an investigation is ongoing. The DMV halted all data transfers to the company and notified law enforcement, including the FBI.
“Data privacy is a top priority for the DMV,” said DMV Director Steve Gordon in a release. “We are investigating this recent data breach of a DMV vendor in order to quickly provide clarity on how it may impact Californians.”
Automatic Fund Transfer Services Inc. was the victim of a ransomware attack in February that may have compromised information sent by the DMV including the last 20 months of California vehicle registration records containing names, addresses, license plate numbers and vehicle identification numbers, the release said.
Social Security numbers, birth dates, voter registration, immigration status or driver’s license information are not among the information the DMV shares with AFTS and are not compromised, according to the release.
The DMV contracts with AFTS to cross-reference addresses with the national database, which is updated whenever someone files a change of address with the U.S. Postal Service National Change of Address Database. By cross-referencing addresses, vehicle registration renewal notices are mailed to a customer’s current address.
Anyone who notices suspected illegal activity using information received from the ransomware attack is asked to contact law enforcement.