Recent DMV phishing breach serves as poignant security reminder          

As you are likely aware, in recent weeks an ITD Division of Motor Vehicles email account was compromised through an external phishing attempt. A phishing scheme is where an outside threat, masquerading as a trusted entity, convinces a victim into opening an email, instant message or text message.

The recipient is tricked into clicking a malicious link, which can lead to the installation of malware. In this incident, the attack came out of Nigeria and convinced an employee to give up their credentials.

In early January, ITD learned that an unauthorized individual used a phishing scheme to gain potential access to an employee’s email account. ITD secured the employee’s email account, reported the incident to law enforcement and the Department of Administration, and engaged a leading computer forensic firm for assistance.

The initial phase of the investigation determined the information of some customers could have been accessed by a third-party. Since that time, no abuse or theft had been reported. The investigation also determined that access was limited to a single employee email box with limited customer impact. ITD contacted potentially affected customers offering free credit monitoring.

This event is a good reminder that we are under a constant threat due to the nature of our business; we shouldn’t be worried but Be Prepared, think before you click, and if you feel something isn’t right, reach out to our cyber security team.

For a link to some recent media coverage recently featured in "Transport Topics," please click here.


Cyber security can be reached at x78158 or email itdcybersecurity@itd.idaho.gov

Published 03-02-18