As I write today’s Scam of the day, the California Department of Motor Vehicles still is denying that they have been a victim of a data breach although they have indicated that due to “an abundance of caution” they are initiating an investigation. The problem is that they have been hacked and their investigation should be focused on finding where the hacking occurred. As was the case with the hacking of Target’s computers and those of many other companies, the companies themselves rarely are the first to discover that their security has been breached. What happened with Target and others is what happened here; banks monitoring fraudulent use of credit cards were able to discover a connection between thousands of fraudulently cards and the California Registry of Motor Vehicles. It appears that these were credit and debit cards used in online transactions as the information stolen was for transactions where the card was not present. Included in the compromised information were the card numbers, expiration date and the three or four digit security code printed on each card.
Once again, I urge you all not to use your debit card for anything other than ATM transactions because not only are the consumer protections available to you if your card is fraudulently used less protective than those that you have when your credit card is fraudulently used, but even if you report the fraudulent use of your debit card immediately, there can be a delay in your being able to access your checking account while the bank investigates the incident. Also, this case points out the extreme importance of constantly monitoring your credit card statements for improper transactions. The sooner you report the breach, the more you are protected and the less you are inconvenienced. This particular breach at the California Department of Motor Vehicles appears to have gone on from August 2, 2013 until January 31, 2014 which is a very long time for such a data breach to have gone on undetected. Waiting for companies to notify you that a breach has occurred is not a good defense against fraud.