In a statement, DMV officials said there is "no evidence" so far of a direct breach, but an investigation with state and federal law enforcement has been opened out of caution.
The investigation involves a forensic review of DMV systems. It is also seeking information about any possible breach from the external vendor that processes DMV credit card transactions and the credit card companies.
"There needs to be some auditing done to determine first where the breach occurred," said USC professor and security expert Clifford Neuman. "Could it have been through an outside contractor? Could it have been through a part of the DMV focused entirely on just the credit card payments, or did someone have access to the entire DMV system and this was just the low-hanging fruit that they were able to pick up?"
Earlier in the day, MasterCard confirmed it was investigating reports of a statewide data breach involving credit- and debit-card numbers at the DMV.
Security blogger Brian Krebs was the first to report the possible breach. He says that five different banks have told him they had received the alert Saturday.
The possible breach involved the theft of data from cards used online.
"If indeed the online California DMV has suffered a breach of their online payments system, it's unclear how many card members may have been stolen," Krebs wrote on his blog.
The stolen numbers were used for purchases between Aug, 2, 2013 though Jan. 31, 2014.
MasterCard spokesman Seth Eisen says the company has sent out alerts to member banks. Consumers were urged to review their accounts and contact their card issuer for assistance.
Monitoring of DMV website traffic and credit card transactions has been increased. Anyone affected will be notified as soon as possible if a breach is discovered, the DMV said.
The Associated Press and CNS contributed to this report.
