Calif. DMV Investigates Possible BreachDept. Looking Into Compromise at Payment Processor
The California Department of Motor Vehicles is investigating a possible credit card breach after it was notified by law enforcement authorities of a "potential security issue within its credit card processing services," according to a DMV statement.
"There is no evidence at this time of a direct breach of the DMV's computer system," says Armando Botello, public information officer of the department, in a statement. "However, out of an abundance of caution and in the interest of protecting the sensitive information of California drivers, the DMV has opened an investigation into any potential security breach in conjunction with state and federal law enforcement."
As part of its investigation, the department is performing a forensic review of its systems and seeking information from both the external vendor that processes the DMV's credit card transactions and the credit card companies themselves, Botello says.
"Protecting the identity and security of our customers is our highest priority, and we fully understand the potential impact any breach of security can have," Botello says. "The department has implemented heightened monitoring of all DMV website traffic and credit card transactions."
The DMV is recommending customers monitor their credit card statements and transactions for any fraudulent or unusual activity, according to the statement.
The department did not immediately respond to a request for additional information.
The California DMV conducted more than 11.9 million online transactions during 2012, a 6 percent increase over 2011, according to a department news release. Online vehicle registrations, the most popular online transaction, totaled more than 7.6 million in 2012.
This is the latest in a string of high-profile breach reports, including Target Corp. and Neiman Marcus. In one recent payment card breach incident, Sally Beauty originally said its point-of-sale network was not compromised following a cyber-attack. But it eventually acknowledged, after further investigation, that fewer than 25,000 records containing payment card data were illegally accessed.