By Lucas Ropek
The California Department of Motor Vehicles has warned state residents that over a year’s worth of data—including customer addresses and license plate numbers—may have been compromised in a recent cyberattack on a third-party contractor.
That contractor—Automatic Funds Transfer Services (AFTS)—is a financial services and data management firm, which California uses to verify changes of address for car owners.
AFTS was hit by a ransomware attack sometime between Feb. 3 and 4, potentially exposing “the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers (VIN),” the DMV has said. As should be obvious, that means millions and millions of records.
When reached by phone Thursday, a DMV representative said it was unknown whether data had actually been viewed or stolen in the attack. The agency has emphasized that “social security numbers, birthdates, voter registration, immigration status or driver’s license information” have definitively not been compromised, as they were not shared with the contractor. Law enforcement agencies have also been notified and are involved. AFTS couldn’t immediately be reached for comment.
Read the rest of the story on Gizmodo