A “wide-ranging credit card data breach” may have hit the state Department of Motor Vehicles, according to a low-key alert sent by Mastercard to financial institutions this week, it was reported today.
Security blogger Brian Krebs — who also broke the Target credit card fraud — reported that five different banks had told him they had received the alert. “If indeed the online California DMV has suffered a breach of their online payments system, it’s unclear how many card members may have been stolen,” Krebs wrote on his blog today.
The breach reportedly affected both credit and debit card accounts, Krebs said, and the cards were used for “card not present” purchases.
The Los Angeles Times reported at midday that officials at MasterCard had confirmed the breach, without giving details.
No spokesperson was immediately available at DMV today.
Mastercard’s spokesman told The Times that customers should examine their accounts for unauthorized purchases, the newspaper reported on its website.
Krebs said banks have been given lists of credit card numbers by Mastercard, including the credit card number, expiration dates and the three- digit “security number” on the back of the cards.
The stolen numbers were apparently used for purchases between Aug. 2, 2013 through Jan. 31 of this year, Krebs reported.