California DMV warns 20 months of records may have been exposed

Other organizations have been affected following a ransomware attack on a contractor.


A ransomware attack on a company called Automatic Funds Transfer Services (AFTS) has had a ripple effect on customers. One of those is the California Department of Motor Vehicles, which has warned drivers in the state about a potential data breach.

The DMV told TechCrunch that the incident may have put at risk “the last 20 months of California vehicle registration records that contain names, addresses, license plate numbers and vehicle identification numbers.” AFTS, which the agency has used to verify changes of address since 2019, doesn't have access to drivers' other personal information. The social security numbers, birth dates, voter registration, immigration status and driver's license details of DMV clients were not affected by the incident.

The agency, to which more than 35 million vehicles are registered, has secured an emergency contract with another vendor, so it shouldn't have any downtime as a result of the attack. Reports last year indicated California's DMV makes tens of millions of dollars by selling clients' personal information to the likes of private investigators.

Hackers struck AFTS with ransomware earlier this month. Along with verifying addresses, the company processes payments and invoices for clients across the US. Other organizations say that the attack has impacted them and potentially compromised customer data.

The Lakewood Water District in Washington said the incident may have exposed water bill account numbers, names, addresses and billing amounts. Details of customer credit cards, social security numbers, driver’s licenses and state IDs weren't impacted as those aren't stored in AFTS databases. The city of Redmond, Washington warned that the names and addresses of its utility customers may have been compromised too.

"The website for AFTS and all related payment processing website are unavailable due to technical issues," reads a message on the AFTS website. "We are working on restoring them as quickly as possible."

Ransomware is a type of malware that locks up computer systems or servers until the attacker agrees to pay a fee. The hackers may also threaten to post the stolen data online unless the victim pays up. Cyberpunk 2077 developer CD Projekt Red recently endured a ransomware attack. Hackers have also targeted hospitals, cruise companies, city and school networks and Tesla.