Calif. DMV probes possible credit card hack. Is the public sector a target?

The California Department of Motor vehicles is investigating the possibility that users of its online services were latest victims of a credit card hack. Is the public sector the next target for data thieves?

|
Robert Galbraith/FILE/REUTERS
A woman talks on a mobile telephone while departing a California Department of Motor Vehicles branch in San Francisco, California March 24, 2014. The California Department of Motor Vehicles is investigating a possible security breach of its credit card processing services, but its internal computer system does not appear to have been accessed, a spokesman said on Saturday.

Long lines, slow service, and hassle are usually associated with a trip to the Department of Motor Vehicles, so when DMVs around the country started offering online services, the response was enthusiastic. For California DMVs in 2012, for example, 11.9 million transactions were completed online – up 6 percent from the year before.

The most recent news, however, may dampen that response. California officials are investigating a potential credit card data breach in online transactions for the state's Department of Motor Vehicles over a six-month period ending January 31. The probe is ongoing, but the potential of the hack raises questions about credit card security i an increasingly automate

Brian Krebs (a cybersecurity journalist at KrebsOnSecurity, which previously broke the Target and Adobe hack stories) first  reported  the potential breach when MasterCard sent out an alert to five financial institutions, which included two midsized California banks. The transactions in questions were tagged: “STATE OF CALIF DMV INT”.

“There is no evidence at this time of a direct breach of the DMV’s computer system,” the California DMV told KrebsOnSecurity. “However, out of an abundance of caution and in the interest of protecting the sensitive information of California drivers, the DMV has opened an investigation into any potential security breach in conjunction with state and federal law enforcement.”

In addition, US Bank and Visa did not send out alerts, and both said they are still investigating the claims. Krebs says at one bank, the breach could have affected over 1,000 cards.

Online DMV transactions include traffic payments and registration fees.

This news comes on a year of heightened sensitivity to cybersecurity breaches after an attack on Target siphoned information from over 40 million credit cards nationwide over about a month and may have compromised over 70 million customers’ private contact information.

Potential attacks growing to include public sector bodies are a concern, says Ben Woolsey, president of CreditCardForum.com.

“This is not just like Target or retailers getting hacked,” he says. “This is someplace that collects personal information and really knows so much about you as a person and a consumer. It is very disconcerting to see this type of database getting hacked.”

Though the California DMV is still investigating, Mr. Woolsey says he is concerned that hackers could have obtained more than just credit card information, as DMVs also house vital identity information like driver’s license numbers, social security numbers, and date of birth. If hackers access this information, identity theft is a potential threat.

Regardless, he says that government bureaucracies have been slower than others to get online, and can lack the tech talent and support to ensure a security hack is prevented. “There are probably 49 other potential cases waiting to happen,” he says.

That being said, in this digital age, more people are forgoing cash and moving all finances online, while hackers are growing increasingly savvy. This has resulted in higher fraud than ever before:  Nilson Report, a financial industry publication, says retailers and banks had to pay back more than $11 billion in global card fraud in 2012, up 15 percent from the year before. But Woolsey says that actually isn’t the worst thing in the world.

“There is some sort of safety in numbers,” he says. “There are so many credit card numbers on the black market it almost becomes too much for hackers to handle. All cards expire at a certain point, so there is a lifespan of usability for this information.”

The key to ensuring minimum damage is vigilance, he says. Card  users should monitor monthly credit card statements and set up alerts for when  cards have been used. Credit card companies are likely to beef up security in light of these attacks as well, he adds.

And don’t expect hordes of people taking a ticket at the DMV counter for fears of compromised credit cards any time soon.

“My guess is that convenience is going to trump security fears,” Woolsey says. “We’re vulnerable any place, let alone the DMV, as these breaches seem to be happening on a frequent basis.”

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Calif. DMV probes possible credit card hack. Is the public sector a target?
Read this article in
https://www.csmonitor.com/Business/2014/0324/Calif.-DMV-probes-possible-credit-card-hack.-Is-the-public-sector-a-target
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe