MasterCard said Saturday said it was investigating reports that the California Department of Motor Vehicles may have suffered a breach of credit card data involving online transactions for agency services.
MasterCard is "aware of and investigating" reports of a potential breech, spokesman Seth Eisen told The Times. He said the company was communicating with its customers but could provide no details on information that may have been compromised or how many cardholders may be affected.
Eisen urged cardholders to review their account statements and to call the number on the back of their card if there was any unusual activity. He also emphasized that the MasterCard system itself had not been affected.
A DMV spokesman reached by The Times on Saturday morning declined to comment.
Security blogger Brian Krebs -- who broke the story of the blockbuster breach of Target customers' credit card data last year -- cited several financial institutions that received private alerts this week from MasterCard about compromised cards used for charges marked "STATE OF CALIF DMV INT."
It remains unclear how many people might be affected, but Krebs reported that one bank received a list from MasterCard of more than 1,000 cards that were potentially exposed.
Krebs reported that the information stolen included credit card numbers, expiration dates and three-digit security codes printed on the back, but that it remained unclear if other sensitive information -- such as driver's license or Social Security numbers -- was also taken.
The potentially problematic transactions were believed to have been made between Aug 2, 2013, and Jan. 31 of this year, Krebs reported.
According to the latest information released by the DMV, more than 11.9 million online transactions were conducted with the agency in 2012, marking a 6% increase from the year before. Online services include transactions like payment of registration fees and the purchase of specialized license plates,
Last year, up to 40 million Target customers' credit and debit card accounts were illegally accessed from Nov. 27 to Dec. 15, while as many as 70 million shoppers may have had their names and home and email addresses stolen over an indeterminate amount of time.
The incident now appears to rank as the nation's biggest cybercrime against a single retailer.