The Californian Department of Motor Vehicles is investigating a potential security breach within its credit card processing services.
The DMV, which collects card fees via its Website, says there is "no evidence" at this time of a direct breach of its computer systems.
In a statement, the company says: "In its investigation, the department is performing a forensic review of its systems and seeking information regarding any potential breach from both the external vendor that processes the DMV's credit card transactions and the credit card companies themselves."
The breach is understood to have taken place between August 2013 and January of this year. The agency was made aware of the problems by law enforcement officials after MasterCard alerted banks to compromised cards used for charges marked "STATE OF CALIF DMV INT."
There are no details about the size of the breach or the information that was stolen, although security blogger Brian Krebbs reports that at a minimum crooks have gained access to credit card numbers, expiration dates and three-digit security codes.
More than 11.9 million transactions were completed on the DMV's website in 2012.
The agency is warning customers to closely monitor their credit card statements and transactions for any fraudulent or unusual activity and is reverting to payment only by cash, cheque, or money order in person at a local DMV office.