It’s not just corporations such as Target, Sears or Apple that are feeling the data security sting. Sometimes, as the California Department of Motor Vehicles (DMV) has now learned, public services can be the target of cybercriminals as well.

On Mar. 22, the California DMV announced that it was investigating a possible security breach of its credit card processing services. The DMV claimed in a statement that the agency “has been alerted by law enforcement authorities to a potential security issue.”

There is no current evidence that a breach has indeed occurred, said the agency, though the investigation is ongoing.

“Protecting the identity and security of our customers is our highest priority and we fully understand the potential impact any breach of security can have,” the DMV said. “The department has implemented heightened monitoring of all DMV website traffic and credit card transactions.”

The agency also claimed that it would “immediately notify any affected DMV customers as quickly as possible” if the breach turns out to have occurred.

According to the Los Angeles Times via security blogger Brian Krebs, several financial institutions received private alerts this week about possibly compromised cards that were used at “STATE OF CALIF DMV INT.” MasterCard said that the company was aware of the potential breach and was working with customers. Krebs reported that more than 1,000 cards could have been compromised at MasterCard alone.

The L.A. Times says that more than 11.9 million transactions, including registration fees and specialized license plate purchases, were filed with the agency in 2012. While not quite at Target’s 40 million accounts compromised total, any exposed hack would create massive liability for the governmental agency.


For the latest data security news, check out these InsideCounsel articles:

Don’t underestimate Australia’s new privacy protection laws

Three charged with stealing inside information from M&A firm Simpson Thatcher

Treasury Department undersecretary says bitcoin regulation fine for now

Privacy, data and different jurisdictions: How legal approaches differ between the U.S. and EU