California DMV Security Breach Investigation

California DMV building sign

The air surrounding cybersecurity right now is turbulent, to say the least. Malware threats, persistent malicious campaigns, and intrusions to data privacy are common occurrences around the world. In line with this, cybersecurity practices in data privacy have had to change to protect consumers. As a result, industries have had to implement cybersecurity solutions as standard to comply with regulations, as well as overhaul their entire approach to data safety. These mitigations, however, are sometimes not enough to stop sophisticated cyberattacks.

In terms of both attack severity and financial damage caused, the highest-tier threat affecting sensitive databases worldwide is ransomware. Ransomware operations have not left any industry untouched, with anything from finance to healthcare continuing to be attacked and blackmailed.

In yet another wide-reaching ransomware campaign, this time there is an ongoing investigation regarding California’s Department of Motor Vehicles (DMV). The DMV itself, as well as multiple news sources, recently reported news of a security breach. Specifically, the DMV’s contractor AFTS that stores sensitive customer information have had a data breach possibly compromising the personal data of millions of customers.

What are the AFTS and the California DMV?

The California Department of Motor Vehicles (DMV) is California’s state vehicle registration and driver licensing agency department. Citizens in about half of the U.S’s 50 states use the DMV for all things related to vehicle and driver’s license licensing. In the U.S, the Constitution in line with the Tenth Amendment states that each state has its own independent rights, governed under a federal umbrella, so some states have adopted differently named departments for motor vehicles. The Automatic Funds Transfer Service (AFTS) of Seattle, is a contractor that works for the DMV which processes addresses, invoices, and payments handed over to them by the DMV. According to their LinkedIn page, payment processor AFTS works with over “200 million addresses monthly”.

DMV Contractor AFTS Breached

The California DMV has been notifying customers since early February about the fact that “a company that is used to verify vehicle registration addresses has had a security breach” and that “it is unknown if DMV data shared with the company has been compromised”. The third-party contractor in question is AFTS.

Further details reveal that an investigation is still underway, and it has been confirmed that a ransomware attack has taken place. The vulnerable information includes “20 months of California vehicle registration records”. The records themselves contain the following customer information;

  • License plate numbers
  • Vehicle identification numbers (VIN)
  • Names
  • Addresses

It is confirmed that the U.S’s West-coast areas that include California and Washington have experienced the AFTS data breach. There are several ‘ransomware groups’ out there, such as the ones behind the recent Cl0p ransomware attack. According to further leads, this particular AFTS breach seems to be the work of the Ransomware group ‘Cuba RANSOMWARE‘.

Further Implications

Reports reveal that the DMV has stopped all data transfers related to AFTS, notified law enforcement, and entered an investigation with the Federal Bureau of Investigation (FBI).

The director of the DMV, Steve Gordon, stated that they will quickly find out how this impacts Californians and that security measures are being put in place to “protect information held by the DMV” and companies they are affiliated with.

The DMV has been working with third-party contractor AFTS since 2019 to “cross-reference addresses with the national database” in order to keep customer data updated for vehicle records. The DMV has confirmed that they have immediately switched their contractor following the event, but are considering working with AFTS again in the future once “security enhancement” procedures are met. The DMV has stated that they have not detected any negative consequences of the customer data breach, however, “the DMV urges customers to report any suspect activity to law enforcement”.

It looks like the ransomware trend is going to continue, with multiple groups working on stealing data and blackmailing for profit. These groups now have a dark web presence, where stolen data is for sale.

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.