California DMV Compromised, Credit Cards Breached

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
And the winner of this week’s breach of the week goes to the California DMV. The DMV was reported by MasterCard to be the victim of a security breach, exposing thousands of individual’s personal information as well as credit card info in an ongoing attack that may have begun over six months ago.

Statistics from California's DMV show that nearly 12 million online transactions with the DMV were conducted in 2012, an increase of 6 percent from 2011 - an ominous number when considering the potential range of the breach.
Click to expand...
 
Why are they storing CC data anyways? Or do they record and save the transactions with CC numbers?

Stop storing this data, problem solved right?
 
Toiletmint said:
Why are they storing CC data anyways? Or do they record and save the transactions with CC numbers?

Stop storing this data, problem solved right?
Click to expand...

I'd guess they allow users to create a handle and remember CC info to reuse next time they renew.
 
I'll take a compromised credit card over waiting in the line at a SoCal DMV.

Actually last time I had to go in person to renew my license, they would not take CC. Reluctantly used a debit card. That's what I don't want info stolen from...
 
WTF California? Why isn't this shit deleted once the transaction is processed? There's no reason to store this crap. Guess I'll call my bank tomorrow and get new card #'s issued.

Too bad we can't bill them for the time we have to take to correct a problem they caused. Fuckers.
 
Great, and I just paid for my registration a couple weeks ago

I'd guess they allow users to create a handle and remember CC info to reuse next time they renew.
Click to expand...
I've always had to re-enter my credit card information, it was never stored for my "convenience"
 
Scythe said:
WTF California? Why isn't this shit deleted once the transaction is processed? There's no reason to store this crap. Guess I'll call my bank tomorrow and get new card #'s issued.

Too bad we can't bill them for the time we have to take to correct a problem they caused. Fuckers.
Click to expand...
Yeah no shit, when are these institutions going to become liable for for "mishandling" of this information, like storing the values when there is no reason to store them. You hang onto them to verify funds get transferred, then you fucking wipe the information. If I have a gun that's insecurely stored and someone in my family gets injured as a result, I'm liable, if I have ANYTHING that could possibly cause harm to anyone that's not securely stored I am fucking liable for the damage that is caused as a result. They want to handle our financial information, then then need to be financially liable for any inconvenience it causes.
 
This is exactly why our company has never stored CC info, we simply pass it to the processors and poof! gone never to be seen again in our systems.

Perhaps these guys found a way to intercept the data being transmitted between them and the processors?
 
Wonderful. I guess I will be paying attention to my credit cards now.
 
sfsuphysics said:
Yeah no shit, when are these institutions going to become liable for for "mishandling" of this information, like storing the values when there is no reason to store them. You hang onto them to verify funds get transferred, then you fucking wipe the information. If I have a gun that's insecurely stored and someone in my family gets injured as a result, I'm liable, if I have ANYTHING that could possibly cause harm to anyone that's not securely stored I am fucking liable for the damage that is caused as a result. They want to handle our financial information, then then need to be financially liable for any inconvenience it causes.
Click to expand...
Government? Good luck. They only cost us money.

Stolen credit cards -> fraudulent charges -> insurance claims by CC companies -> increased insurance rates for CC companies -> higher charges by CC companies -> higher priced items -> lighter wallet for everyone.

When a thief steals from the CC companies, everyone loses.
 
sleepeeg3 said:
Government? Good luck. They only cost us money.

Stolen credit cards -> fraudulent charges -> insurance claims by CC companies -> increased insurance rates for CC companies -> higher charges by CC companies -> higher priced items -> lighter wallet for everyone.

When a thief steals from the CC companies, everyone loses.
Click to expand...

We lose, always. It doesn't matter if the feds or the state does something......once it's out there, it's out there.

It's becoming clear that ONLY paper money is secure. Unfortunately. :mad:
 
looks like those dumbfucks didn't hire people to lock down their systems.

I need to renew my DL soon. Will be sure to give them a one-time use CC#
 
Fucking bullshit. Storing CC data has to stop. Make POP actually mean something.
 
Umm, first, there is no reason that a Class Action can't be brought against the CA DMV.

Second, maybe their systems were locked down and maybe not. Actually it's more accurate to say, maybe they were as locked down as they can be. There are more then enough software products out there with vulnerabilities that have no available fix yet. Your only option sometimes is to switch to a product that is more secure but you never know, next year their product might be the one with a big hole in it and no cork to fix it with. Java is still out there running and usually has a few major vulnerabilities, some companies are starting to drop Java but do a web search and see how many Java developers jobs are available, it's still a widely used tool.
 
Of course, the problem with any civil claim is that you have to show damages.
 
It may very well be the nameless middlemen processing, they tend to get broken into big time.
 
Skripka said:
I'd guess they allow users to create a handle and remember CC info to reuse next time they renew.
Click to expand...
That would presume the DMV isn't completely braindead. :p Nope, it was just really poor practices. The system shouldn't have stored whole CC numbers in the first place because every time you do a CC transaction you need to hand over the card or swipe it in the kiosk.
 
Damn, didn't see this before. I just recently renewed my CA car registration online using a cc. :eek:
 
You must log in or register to reply here.
Back
Top