The California Department of Motor Vehicles said there is “no evidence” of a direct breach of its computer systems after reports surfaced that credit card information may have been compromised.
KrebsOnSecurity.com was the first to report the possible breach with the DMV's credit card processing company, Elavon. The site reported that it involved online payments from Aug. 2, 2013, to Jan. 31, 2014.
It was unclear how many people were potentially exposed.
DMV spokesman Armando Botello said the department has opened an investigation with state and federal law enforcement into any potential security breach "out of an abundance of caution and in the interest of protecting the sensitive information of California drivers."
"The department has implemented heightened monitoring of all DMV website traffic and credit card transactions," Botello said. "We will immediately notify any affected DMV customers as quickly as possible if we find any issue."
DMV customers were advised to review their credit card account statements for any fraudulent or unusual activity and report it to their credit card company immediately.
Seth Eisen, a MasterCard spokesman, said the company was investigating the reports of a potential breach and sent out alerts to member banks. Eisen said MasterCard's systems had not been affected.
Dr. Clifford Neuman, a computer security expert, said access to DMV information could be worse than the Target breach, which affected 40 million customers.
"There's always a potential that the adversaries got hold of social security numbers, driver's license numbers and other things that can be used for full-blown identity theft," Neuman said.