Click to Skip Ad
Closing in...

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

If you live in this state, your personal data might’ve been leaked in a huge security breach

Published Feb 19th, 2021 5:26PM EST
Data breach
Image: knssr/Adobe
  • California’s state DMV has warned that more than a year’s worth of information about residents may have been compromised in a third-party data breach.
  • An investigation is underway to determine if that’s the case. A financial services firm that contracts with the DMV is what actually fell victim to a ransomware attack.
  • Unfortunately, that firm also does business with many other public entities, such as the city of Seattle.

We’re only mid-way through the second month of 2021, and already the data breaches are mounting. Following the disclosure we mentioned in recent days, of what may be the largest-ever publication of hacked user credentials posted to the internet, now comes word that California state residents may have had their personal data stolen via a cyberattack on a vendor associated with the California Department of Motor Vehicles.

According to a new warning from the state’s DMV, more than a year’s worth of customer data that includes license plate numbers and individual addresses may have been compromised via the data breach. The breach targeted Automatic Funds Transfer Services, a financial services and data management company that contracts for services with California’s DMV, which the DMV uses to verify car owners’ change of address. The key phrase here, though, is “may have been compromised.”

“DMV systems have not been compromised and it is unknown if DMV data shared with the company has been compromised,” the California agency said in its disclosure of the incident. “An investigation is under way.”

Automatic Funds Transfer Services was apparently the victim of a ransomware attack earlier this month that, per the DMV, might have compromised “the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers (VIN).” Not surprisingly, the DMV says it stopped all data transfers to AFTS and notified law enforcement, including the FBI.

As of the time of this writing on Friday morning, AFTS displays the following error message when you try to visit its webpage: “The website for AFTS and all related payment processing (websites) are unavailable due to technical issues. We are working on restoring them as quickly as possible.”

What’s even more ominous about this data breach is that it might be much larger than what’s been reported, since AFTS actually contracts with many city entities, like in Seattle — which said a few days ago after learning of the AFTS incident that “City departments use this vendor for commercial billing, printing, and mailing services. Seattle Information Technology Department leads, including security and privacy teams, are working with AFTS, affected departments and the City Attorney’s office to understand the potential impact of this incident on personal information.”

Andy Meek Trending News Editor

Andy Meek is a reporter based in Memphis who has covered media, entertainment, and culture for over 20 years. His work has appeared in outlets including The Guardian, Forbes, and The Financial Times, and he’s written for BGR since 2015. Andy's coverage includes technology and entertainment, and he has a particular interest in all things streaming.

Over the years, he’s interviewed legendary figures in entertainment and tech that range from Stan Lee to John McAfee, Peter Thiel, and Reed Hastings.