The California Bureau of Automotive Repair notified Smog Check station owners in July that banking information may have been accessed in a January data breach.
How many victims? Unknown, but the state Bureau of Automotive Repair (BAR) licenses and regulates more than 7,500 Smog Check stations.
What type of personal information? Bank account and routing numbers belonging to Smog Check stations licensed with the BAR.
What happened? An unauthorized individual accessed the network of one of the BAR's service providers between May 2012 and March 2013, according to a BAR letter sent to shop owners. The date the breach was discovered is Jan. 4, according to state officials. The compromised service provider was not named.
What was the response? BAR sent letters to shop owners in July, alerting them of the breach. BAR is working with law enforcement and the service provider to ensure additional controls and safeguards are implemented.
Details: BAR recommends monitoring accounts for suspicious activities. Those who wish to close accounts are asked to report the compromised account to the financial account issuer as “closed at customer request.” Those who wish to open a new account are asked to create a PIN or password to control access.
Quote: Russ Heimerich, deputy director of communications for the California Department of Consumer Affairs, told SCMagazine.com that oftentimes there is a gap between when a breach occurs and when people learn about it because law enforcement takes time investigating.
"The best practice has been to notify people after enforcement has investigated," he said.
Source: oag.ca.gov, “Submitted Breach Notification Sample,” July 3, 2013.