A ransomware attack on California DMV’s third party vendor, Automatic Funds Transfer Services Inc. In February may have potentially put millions of customer data at risk. Following the attack, the DMV said that it halted all data transfer operations to the Seattle-based company and immediately notified law enforcement officers including the Federal Bureau of Investigation.
“AFTS does not have access to DMV customers’ Social Security numbers, birthdates, voter registration, immigration status or driver’s license information, therefore this data was not compromised,” the DMV said in a news release.
A ransomware attack typically encrypts data and holds the information in exchange for a ransom from the victims. However, there are chances that the attackers may have also made a copy of the data, and this is the reason for the uncertainty of data compromise.
“Data privacy is a top priority for the DMV. We are investigating this recent data breach of a DMV vendor in order to quickly provide clarity on how it may impact Californians. We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with,” said Steve Gordon, the DMV’s Director.