You are on page 1of 1

FOR IMMEDIATE RELEASE

February 17, 2021

Security Breach at Address Verification Company May Compromise DMV Information


- Potentially impacts vehicle registration records, no driver’s license information
- DMV working with law enforcement and assessing additional privacy protections
Sacramento – The California Department of Motor Vehicles (DMV), out of an abundance of caution, is
notifying customers that a company it uses to verify vehicle registration addresses has had a security breach.
DMV systems have not been compromised and it is unknown if DMV data shared with the company has been
compromised. An investigation is under way.
Automatic Funds Transfer Services, Inc. (AFTS) of Seattle was the victim of a ransomware attack in early
February that may have compromised information provided to AFTS by the DMV, including the last 20 months
of California vehicle registration records that contain names, addresses, license plate numbers and vehicle
identification numbers (VIN). AFTS does not have access to DMV customers’ Social Security numbers,
birthdates, voter registration, immigration status or driver’s license information, therefore this data was not
compromised.
Upon being notified of the potential breach, the DMV immediately stopped all data transfers to AFTS and
notified law enforcement, including the Federal Bureau of Investigation.
“Data privacy is a top priority for the DMV. We are investigating this recent data breach of a DMV vendor in
order to quickly provide clarity on how it may impact Californians,” DMV Director Steve Gordon said. “We are
looking at additional measures to implement to bolster security to protect information held by the DMV and
companies that we contract with.”
The DMV has contracted with AFTS since 2019 to cross-reference addresses with the national database – which
gets updated whenever someone files a change of address with the U.S. Postal Service National Change of
Address Database – to ensure vehicle registration renewal notices are mailed to a customer’s current address.
The DMV does not use this service to verify driver’s license addresses.
The DMV is initiating an emergency contract with a different address verification company to ensure there are
no impacts to customer service. The DMV is reviewing processes with AFTS to determine the further security
enhancements needed to prevent future breaches.
While the DMV Investigations branch has no indication at this time that information accessed by the
ransomware attack on AFTS has been used by the attackers for any nefarious reason, the DMV urges customers
to report any suspect activity to law enforcement. The DMV will continue to monitor the situation and work
with the appropriate law enforcement agencies.
###

Never miss the latest news from the California DMV. Sign up now to receive customized information on DMV related topics. To
subscribe or unsubscribe, visit DMV News Alerts: https://www.emailalert.dmv.ca.gov/DMVEmail_Alert/