A ransomware attack on a third-party supplier for the California DMV may have also compromised customer data.

The breach hit a third-party supplier called Automatic Funds Transfer Services (AFTS), which verifies vehicle registration addresses for local DMV customers. The DMV is still investigating whether the hackers stole any information. But “out of an abundance of caution,” the agency is warning the attack may have compromised customer data going back the last 20 months.

The potentially compromised data includes “California vehicle registration records that contain names, addresses, license plate numbers, and vehicle identification numbers,” the DMV said in a statement on Wednesday.

The breach is especially bad since California’s DMV serves millions of residents. A DMV spokesperson said 38 million records involving vehicles, including boats, were sent to AFTS.

But there’s some good news: “AFTS does not have access to DMV customers’ Social Security numbers, birthdates, voter registration, immigration status or driver’s license information, therefore this data was not compromised,” the agency added. Hence, the hackers wouldn’t have enough information to commit the worst kinds of identity theft, like opening a credit card in your name. Still, any exposed personal information could give them a start….

By Michael Kan February 18, 2021

Read full pcmag.com article at source

Back to news overview