On Saturday, the California Department of Motor Vehicles announced it was investigating a possible breach of its credit and debit card data, although officials have said the agency has no immediate evidence a hack has occurred.
The DMV was alerted by law enforcement to a possible security issue related to online transactions made through its website between August 2013 and January 2014.
“Out of an abundance of caution and in the interest of protecting the sensitive information of California drivers, the DMV has opened an investigation into any potential security breach in conjunction with state and federal law enforcement,” the DMV told Krebs on Security.
The California DMV advised anyone who has renewed their license in California online or made any transaction at the California DMV website to review their statements for suspicious activity.
Cards used on the California DMV website between August 2, 2013 and January 31, 2014 are at risk. It is not known if a breach has occurred or what information was stolen, but possible stolen data includes card numbers, expiration dates, and security codes. It is not known if other sensitive information like Social Security numbers were stolen.
It is unknown how many people may be affected. In 2012, an estimated 12 million transactions were conducted on the DMV’s website, which may be used to renew ID cards, driver’s licenses, and pay registration or purchase specialized license plates.
Security blogger Brian Krebs, who broke the story of the Target data breach last year, cited several banks that received alerts from Mastercard about compromised credit and debit cards in relation to the California DMV incident. Krebs reported that a single bank received a list of over 1,000 cards that may have been exposed.
Mastercard spokesman Seth Eisen urged cardholders to review their statements and contact their card issuer if they find any suspicious activity, stressing the Mastercard system has not been affected by the potential breach.
This potential breach comes after the massive Target breach last year, in which 40 million credit and debit card accounts were illegally accessed between November 27 and December 1, while up to 70 million customers had their private information stolen over an unknown amount of time through online purchases at Target.com. This breach is now considered the largest cybercrime against a single retailer in U.S. history.