Banks in California recently received notice from MasterCard that credit card data used previously for California DMV online services had been breached. MasterCard did not say who was breached but did state that the organization experienced a breach commonly known in the financial industry as “card-not-present”. This means that the transactions occurred online. MasterCard also included a date range in its report that stretched from August 2nd 2013 to January 31, 2014 and the data stolen included the card numbers, the expiration date and three digit security code normally found on the back of the card. Five different financial institutions admitted receiving the alert notification and all had the notation “STATE OF CALIFORNIA DMV INT”. Visa card services has not sent out an alert and declined comment. Law enforcement officials also believe American Express cards may have also been breached. American Express notified California DMV of suspicious activity in January but have not labeled it fraud. In addition to California law enforcement agencies the U.S. Secret Service is also investigating the breach.
California DMV officials stated there was “NO” evidence of a direct breach of their systems. “However, out of an abundance of caution and in the interest of protecting the sensitive information of California drivers, the DMV has opened an investigation into any potential security breach in conjunction with state and federal law enforcement.”
“In its investigation, the department is performing a forensic review of its systems and seeking information regarding any potential breach from both the external vendor that processes the DMV’s credit card transactions and the credit card companies themselves.”
California DMV credit card transactions are processed by a Elevon, a subsidiary of US Bancorp. The company has neither confirmed nor denied MasterCard’s reports of a breach.
It is not clear how many people are possibly affected if a breach has in fact occurred. However Krebsonsecurity.com reported 11.9 million transactions were conducted on California DMV’s website in 2012.
Breaking It Down
Black people are not interested in mysteries. Did a breach actually happen or not? Be up front about this. Don’t play games! Nobody wants to admit to anything. California says there is no evidence. US Bancorp, owner of Elevon, who processes credit card transactions for DMV say there is no evidence. No one knows how many credit cards were compromised. We keep hearing; “we are investigating.” The bottom line is that card holders, black or whatever color, don’t matter. The law is on the side of the banks and card processors. They don’t have to come clean right away about what happened and in the mean time your credit card information could be floating around the Internet waiting to be used by a crook. When these incidents happen companies should be obligated, by law, to reveal all they know as soon as they know it to protect the consumer. All too often these big corporations play games until the have the perfectly worded press release to clear them of blame. But the real culprit are lawmakers. They can’t seem to pass a law that protects consumers. So now there are fifty different laws in fifty different states that apply to data breaches. And if a company does business across state lines then what law are they obliged to obey? So who was breached? Was it the state of California or Elevon? Wouldn’t you like to know? Was my credit card compromised? What about my driver’s license number, my personal information or social security number? All this information is in the California DMV computers. So the question remains; Was there a data breach at California DMV or not?