CA DMV: 38M Records Possibly Compromised In Data Breach

ACROSS CALIFORNIA — The California Department of Motor Vehicles is investigating a security breach that may have compromised the personal information of millions of Californians who registered a vehicle over the past 20 months.

A company the DMV contracts with to verify vehicle registration addresses was the victim of a ransomware attack in early February, the department said in a news release this week.

Automatic Funds Transfer Services Inc. of Seattle has access to the names, addresses, license plate numbers and vehicle identification numbers of registrants. It does not have other sensitive information such as social security numbers, birthdates, voter registration information, immigration status or driver’s license information, the DMV said.

“Approximately 38 million records have potentially been compromised,” DMV officials said in an email to Patch. “Some people own more than one car, a car and a boat or off-road vehicle, for example. So the total number of people impacted is less.”

The DMV said that it stopped all data transfers to the vendor and notified law enforcement immediately after being notified of the potential breach. The DMV has used the company since 2019 and is initiating an emergency contract with another address verification company while working with Automatic Funds Transfer Services to prevent further breaches.

“Data privacy is a top priority for the DMV,” DMV Director Steve Gordon said in the news release. “We are investigating this recent data breach of a DMV vendor in order to quickly provide clarity on how it may impact Californians.”

There is “no indication at this time that information accessed by the ransomware attack on AFTS has been used by the attackers for any nefarious reason,” DMV officials told Patch in a statement.

“The DMV urges customers to report any suspected activity to law enforcement,” they added. “The DMV will continue to monitor the situation and work with the appropriate law enforcement agencies.”