Seth Eisen says the breach is not with MasterCard's systems.
KrebsOnSecurity.com was the first to report the possible breach, which it says involved online payments from Aug. 2, 2013, to Jan. 31, 2014.
In a statement, the DMV says law enforcement alerted it to a potential security breach. The agency says there's no evidence of a direct breach of its computer system. But it has opened an investigation as a precaution and is cooperating with state and federal law enforcement officials.
Eisen says MasterCard has sent out alerts to member banks. He advises consumers to review their accounts and contact their card issuer for assistance.