With the incident, KFSN in Fresno reports that the affected data includes 20 months’ worth of California vehicle registration records. The issue arose because a contractor DMV uses, called Automatic Funds Transfer Services, Inc., to verify vehicle registration addresses was the victim of a ransomware attack in early February, 2021, and this enabled DMV data to be taken.
The hack follows a significant DMV breach in late 2019. In response to California DMV’s latest data breach, security expert Robert Prigge, CEO of Jumio, outlines the seriousness of the issue and what it means for security going forwards.
Prigge begins by considering the extent of the issue, noting: “The California DMV’s exposure of almost 38 million records, including names, addresses, license plate numbers and vehicle identification numbers, confirms government organizations need stronger authentication to protect sensitive data (or any data for that matter).”
The amassed data will be of value to criminals, as Prigge states: “Fraudsters can leverage the breached information to impersonate victims, access accounts set up with this information, submit fraudulent insurance claims or combine it with other exposed data to gain access to even more user accounts. Government agencies holding personally identifiable information are responsible for keeping data secure and must adapt to the modern fraud landscape to keep citizens safe.”
There are measures that firsm can enact in orde rto reduce the risk going forwards. Prigge outlines the basis of a strategy for businesses to consider: “Organizations can look to more secure forms of identity verification, like biometric authentication (using a person’s unique human traits to verify identity), to confirm each person is truly who they say they are. Additionally, as this particular breach was caused by a third party, it is critical to ensure vendors have also battened down the hatches on their own security.”
