The Californian Department of Motor Vehicles (DMV) has suffered a data breach that could have possibly exposed over a year’s worth of data after a third-party contractor was compromised during a cyberattack. During this breach customer addresses and licence plate numbers were exposed, but the DMV has confirmed that social security numbers, birthdates, voter registration, immigration status or driver’s licence information were not.
Automatic Funds Transfer Services (AFTS) is a financial service and data management firm contracted by the Californian DMV. AFTS suffered a ransomware attack in early February, which exposed “the last 20 months of California vehicle registration records that contain names, addresses, licence plate numbers and vehicle identification numbers (VIN)” according to the DMV.
AFTS has not published a statement about the attack which details all of their clients or what data has been affected. But it is known that they have a number of public sector clients, which puts a large number of sensitive financial information in danger.