Watch Now


California DMV warns of ransomware attack on address verification contractor

AFTS confirmed attack but said investigation into data breach is ongoing

California DMV vendor, AFTS, which was targeted by a recent ransomware attack, had access to the past 20 months of California vehicle registration records. Photo: Jim Allen/FreightWaves

The California Department of Motor Vehicles (DMV) is warning customers that a vendor it uses to verify personal and commercial vehicle registration addresses was targeted by a ransomware attack in early February.

The DMV issued a statement on Wednesday cautioning customers about the data breach involving a Seattle-based contractor, Automatic Funds Transfer Services (AFTS), it has used since 2019 to cross-reference addresses with the U.S. Postal Service’s national database for vehicle renewal notices.

Jason Feldman, compliance officer with AFTS, confirmed the attack to FreightWaves, stating the company’s compromised network was taken offline within hours of discovering the breach. The company also notified law enforcement agencies, which are looking into the attack, he said. 

He told FreightWaves on Thursday that he wasn’t aware the DMV had alerted customers to the ransomware attack at AFTS.


“We immediately took the compromised network offline and we’ve hired a new company to build us a brand-new network from the ground up,” Feldman told FreightWaves. “We’ve hired a forensic IT team that is looking at our old compromised network to investigate and determine the scope and nature of the breach.”

Feldman said he couldn’t comment on the group behind the attack, how much money the hackers requested and whether his company paid the ransom.

“These are sophisticated actors, who locked us out of our data and wanted us to pay for a key to unlock that data,” Feldman said.

At this point, Feldman said he “doesn’t know the level of personal-protected information, if any, is involved and whether the California DMV has been impacted by this.”


The DMV said its systems have not been compromised, but that AFTS had access to the past 20 months of California vehicle registration records, containing names, addresses, license plate numbers and vehicle identification numbers. 

However, AFTS did not have access to customers’ Social Security numbers, birthdates, voter registration, immigration status or driver’s license information, the DMV said.

“We are looking at additional measures to implement to bolster security to protect information held by the DMV and companies that we contract with,” Steve Gordon, director of the California DMV, said in a statement. 

In the meantime, the DMV is contracting with a different address verification company. 

Although there’s been no indication that information that may have been accessed by the ransomware attack has been used for “any nefarious reason,” the DMV is urging customers to report any suspicious activity to law enforcement.

City officials in Kirkland, Washington, alerted customers in early February of a potential data breach involving AFTS, which processes the company’s utility billing. 

Click for more articles by Clarissa Hawes.
Louisiana ransomware attack disrupts trucking operations
Oilfield supervisor admits lining pockets with $400,000 of Petco’s money
Judge slaps wholesale distribution company with $23.7M ‘nuclear verdict’ in crash

Also, check out the latest episode of our true crime podcast here: Profits drive log fraud in trucking — Long-Haul Crime Log


Clarissa Hawes

Clarissa has covered all aspects of the trucking industry for 18 years. She is an award-winning journalist known for her investigative and business reporting. Before joining FreightWaves, she wrote for Land Line Magazine and Trucks.com. If you have a news tip or story idea, send her an email to chawes@firecrown.com or @cage_writer on X, formerly Twitter.