California DMV: The Latest Data Breach

Identity Theft No Comments

It looks like California’s Department of Motor Vehicle’s is the latest institution to suffer a data breach from hackers. These attacks seem to keep popping up as frequently as new episodes of Saturday Night Live–not that there’s a connection–that we know of! Let’s take a look at this latest digital plundering.

Attacks like these prove how vulnerability can be exploited, even at such high places you’d think would be maximally secure. Learn how to protect yourself and make sure you’re not left exposed for identity theft or other data fraud.

Department of Major Violations:

California’s Department of Motor Vehicles was alerted recently that there may have been a potential data breach in their online transactions. It appears many people who went online to make payments or purchases at the DMV’s website had their credit card info compromised, stolen.What’s perhaps most damning about the breach is that it occurred for such a long period of time, starting in August of 2013 and continuing until January 2014. No word yet on just how many people’s info has been compromised.

Mastercard sent an announcement to the DMV as well as to several other financial institutions where the fraud had spread (according to Krebs On Security); these bogus charges all had a California DMV notation attached to “card not present” transactions, which are used to designate online transactions. While Mastercard sent out a notification, Visa has gone without comment.

Thieves–likely hackers, though they’ve not officially said so–obtained credit card numbers, expiration dates AND the three-digit security code on the back of the card.  Apparently there isn’t enough evidence yet to indicate a direct breach on the DMV’s servers, which would certainly be horrifying if was. A direct breach would mean that the thieves had access not to just the credit card information but the treasure trove of identity info: DOB, Driver’s License Number, Address, Full Name, height, weight, eye color. The fallout from that would be absolutely monstrous.

As it appears now, the problem looks to be contained to the DMV’s outsourcing of their credit card processing to an external company. If that’s correct, it should offer at least some relief that the threat didn’t go deeper.  I guess we’ll see.