The California Department of Motor Vehicles is investigating a possible security breach of its credit card processing services, but its internal computer system does not appear to have been accessed, a spokesman said on Saturday.
The disclosure by the Department of Motor Vehicles (DMV) in the nation’s most populous state comes at a time of heightened concern about data breaches following revelations of a massive theft of payment card records from Target Corp.
“The Department of Motor Vehicles has been alerted by law enforcement authorities to a potential security issue within its credit card processing services,” spokesman Armando Botello said in a statement.
He added that the agency has opened an investigation “out of an abundance of caution” along with federal and state law enforcement agencies.
The DMV allows clients to pay by credit card in online transactions and at self-service terminals at some locations, for transactions such as renewing driver’s licenses and vehicle registrations, Botello said in a phone interview.
He declined to release other details about the potential breach, including how many customers might have had their data compromised and the time frame when it might have occurred.
There is no evidence of a direct breach of the DMV’s computer system, Botello said in the statement.
“In its investigation, the department is performing a forensic review of its systems and seeking information regarding any potential breach from both the external vendor that processes the DMV’s credit card transactions and the credit card companies themselves,” the statement said.
The blog Krebs on Security first reported the suspected data breach, citing unnamed sources at financial institutions. It said the potentially compromised transactions occurred between August 2 and January 31 and the data that may have been stolen could include credit card numbers, expiration dates and three-digit security codes.
Representatives from MasterCard Inc, Visa Inc, American Express Co and Discover Financial Services could not immediately be reached for comment.
MasterCard spokesman Seith Eisen told the Los Angeles Times the credit card company is “aware of and investigating” reports of a potential breach involving the California DMV.
Last year, some 40 million payment card records were stolen from retailer Target, and Congress is investigating the breach along with lapses at other retailers. Credit card companies have pushed for better security.
Earlier this year, upscale retailer Neiman Marcus said a data breach potentially exposed payment card information at 77 of its 85 stores between last July and October.
(Reporting by Alex Dobuzinskis in Los Angeles, additional reporting by Kevin Murphy in Kansas City, Missouri; Editing by Eric Walsh and Lisa Shumaker)