California DMV Contractor Hit by Ransomware

Roughly more than a year following its last data breach, California’s Department of Motor Vehicles announced a possibility of another data leak due to ransomware.

Its contractor Automatic Funds Transfer Services (AFTS) was hit by an ‘unspecified’ strain of ransomware, which compromised about 20 months of the agency’s vehicle registration records. AFTS is responsible for verifying changes in the address within the national database.

The ransomware tampered with the database containing sensitive information such as driver’s names, addresses, license plate numbers, and vehicle identification numbers. It was clarified that no Social Security numbers, dates of births, voter registration, and immigrant status were accessed.

California DMV Contractor Ransomware

Due to the recent turn of events, AFTS has stopped all data transfers and initiated an emergency contract to get rid of the downtime of services. The company handles a host of clients across the United States, processing payments, invoices, and verifying address information.

Other municipalities have made announcements about the involvement with the data breach, opening up possibilities that not only California is affected. Cybersecurity experts are still looking into the type of ransomware that hit AFTS. There’s still no evidence showing what kind of ransomware was used to access the systems.

Ransomware works by encrypting a system or network to access all company files and confidential information. These were unlocked and threat actors ask for money in exchange for not leaking the database. Many companies have enabled data backups, but ransomware groups threaten to publish stolen files to the public.

AFTS hasn’t released any comment yet, but the website publishes a short message saying, “The website of AFTS and all related payment processing websites are unavailable due to technical issues. We are working on restoring them as quickly as possible.”

Meanwhile, California’s DMV director Steve Gordon said the agency’s looking to implement more security measures to bolster the security and protect the information of everyone. The agency also works with other companies to deal with the recent incident and make sure nothing gets out in the open.

Another spokesperson of the agency said approximately 38 million records have been compromised since many drivers own more than one vehicle.

Prior to this new ransomware attack, there are reports circulating how DMV sells driver’s personal information and make more than $50 a year in exchange. This was reported by Vice, as a DMV document was obtained by Motherboard.

Data brokers and consumer credit reporting agencies appeared in DMV’s financial document, heightening the suspicion of private investigators.