California Probing Possible Credit Card Breach at DMVMichael B. Marois
California’s Department of Motor Vehicles, which administers licenses for more than 24 million drivers, said it’s investigating a potential security breach in its computerized credit card processing service.
The department, alerted by law enforcement to a possible security issue, has no evidence of a direct breach of its computer system, spokesman Armando Botello said in a statement. The agency said it is conducting a forensic review and has contacted the company that processes its transactions, Atlanta-based Elavon Inc.
“Out of an abundance of caution and in the interest of protecting the sensitive information of California drivers, the DMV has opened an investigation into any potential security breach in conjunction with state and federal law enforcement,” Botello said.
Penetration of the computer system in the most populous U.S. state would be the latest in a series of high-profile hacks, including the loss of 40 million credit card numbers last year at Target Corp. in the biggest retail hack in U.S. history. The break-in highlighted concerns about stolen payment card information and prompted calls for greater data encryption.
Elavon, a unit of US Bancorp, processes 3 billion transaction globally each year worth an estimated $300 billion, according to its website.
“There has been no confirmation of a data breach,” Tom Joyce, a spokesman for US Bancorp, said by e-mail. “We are working closely with the California DMV and the authorities to determine if there have been any issues.”
Brian Krebs, a security blogger whose site krebsonsecurity.com first broke the news of the Target hack, said Mastercard Inc. privately alerted banks that cards used in online payments for DMV-related services from Aug. 2 to Jan. 31 may have been compromised.
Mastercard spokesman Seth Eisen said in an e-mail that the company’s own system hadn’t been breached and he directed further questions to the DMV.
The Motor Vehicles Department said it heightened its security monitoring of all its website traffic and credit card transactions.