The California Department of Motor Vehicles on Saturday said it has opened an investigation after being alerted by authorities to a potential security issue within its credit-card processing services.
“There is no evidence at this time of a direct breach of the DMV’s computer system,” Armando Botelo, spokesman for the agency, said in a statement. However, the investigation was initiated “out of an abundance of caution and in the interest of protecting the sensitive information of California drivers,” he said.
The statement was released after the online security blogger Brian Krebs reported that multiple banks had received alerts from Mastercard “about compromised cards that all had been previously used online at the California DMV.”
In a blog post on Saturday, Krebs reported that, according to the Mastercard alert, the potentially compromised transactions at the DMV “extended from Aug. 2, 2013 to Jan. 31, 2014, and that the data stolen included the card number, expiration date, and three-digit security code printed on the back of cards.”
As part of its probe, the DMV is performing a forensic review of its system and seeking information regarding any possible breach from both the external vendor that processes the department’s credit card transactions and the credit card companies themselves, according to Botelo.
The DMV said it has also implemented heightened monitoring of all of its website traffic and credit-card transactions, and that it will notify affected customers if any issue is discovered.
Meanwhile, California drivers were encouraged to closely monitor their credit card statements for fraudulent or unusual activity and report it to their credit card company immediately.
DMV offices will continue to accept cash, checks and money orders in person, Botelo said.