California Drivers Could Be Latest Consumers Affected by Security Breach
March 24, 2014
On Saturday, security blogger Brian Krebs reported a possible breach of the California DMV’s Website had resulted in the exposure of payment-card information, according to alerts sent by MasterCard to various banks of the affected cardholders. While all the compromised cards apparently had been used at the DMV’s Website, the state agency issued a statement blaming its payment processor as the source of any breach and that the commonality of the cards having been used at the DMV site was coincidental.
“The Department of Motor Vehicles has been alerted by law enforcement authorities to a potential security issue within its credit card processing services,” read a statement posted to the CA.gov Website. “There is no evidence at this time of a direct breach of the DMV’s computer system. However, out of an abundance of caution and in the interest of protecting the sensitive information of California drivers, the DMV has opened an investigation into any potential security breach in conjunction with state and federal law enforcement. In its investigation, the department is performing a forensic review of its systems and seeking information regarding any potential breach from both the external vendor that processes the DMV’s credit card transactions and the credit card companies themselves.”
Krebs, the journalist who first reported on the Target, Neiman Marcus and Michael’s breaches and will be giving a keynote address at the upcoming CNP Expo in May, published a document suggesting the processor for transactions accepted by California’s DMV Website is Elavon, the processing arm of U.S. Bank. Elavon has not responded to inquiries from CardNotPresent.com about its status as the agency’s processor or if it can confirm a breach.