CA-DMVIt looks like the California DMV may be the latest in a string of big data breaches. While the alleged data breach at the California DMV is nowhere near the size of the Target theft, for some, the thought is far less comforting.

Security expert Brian Krebs, from Krebs On Security, and the same writer who broke the story about the Target breach, reported earlier this month that the California Department Of Motor Vehicles, appeared to have suffered a “wide ranging credit data breach”.

Krebs had received an internal Mastercard memo that had been sent to various banks in California notifying them of a potential security breach. Through his own investigation he found that one small California bank had received notification that 1000 credit card numbers may have been affected. To put that in perspective the same bank told Krebs that during the Target fiasco 2000 cards had been affected. This bank only has credit cards issued in the state of California.

“We’re seeing two percent of our card base compromised as a result of this, and our cards are 100 percent concentrated here in California,” said a source at the small state bank, who declined to be named because he did not have permission to speak on the record. “That’s still a big number, and it’s a huge exposure window.”

The California DMV is downplaying the incident and issued a statement last week saying that “due to an abundance of caution” they were conducting an internal investigation. The California DMV issued a statement turning the blame to a third party vendor. Krebs found, through a document from the California Department Of General Services, that their credit card vendor is Elavon.

The DMV’s statement said:

“The Department of Motor Vehicles has been alerted by law enforcement authorities to a potential security issue within its credit card processing services.”

“ There is no evidence at this time of a direct breach of the DMV’s computer system. However, out of an abundance of caution and in the interest of protecting the sensitive information of California drivers, the DMV has opened an investigation into any potential security breach in conjunction with state and federal law enforcement.”

“In its investigation, the department is performing a forensic review of its systems and seeking information regarding any potential breach from both the external vendor that processes the DMV’s credit card transactions and the credit card companies themselves.”

Krebs has said that this data breach was only online and not at physical DMV locations. Brick and mortar DMV locations in California do not accept credit cards as a form of payment.