Intoxalock Cyber Incident Leaves Drivers Stranded Across 46 States

Cars sat in driveways for days across the country after a cyberattack struck Intoxalock, the Des Moines, Iowa-based company behind court-ordered ignition interlock breathalyzer devices, on March 14. The company's technology is used in 46 states, and Intoxalock claims to provide services to 150,000 drivers every year. The attack hit at a particularly vulnerable point: not the physical devices themselves, but the backend systems that process mandatory calibrations.

Intoxalock spokesperson Rachael Larson confirmed the company had been hit by a cyberattack, saying it took steps to "temporarily pause some of our systems as a precautionary measure." Those breathalyzer devices need to be calibrated every few months, and the cyberattack left Intoxalock unable to perform those calibrations. The company said customers whose devices required calibration may experience delays starting their vehicles.

The devices themselves remained operational during the outage. The disruption specifically affected customers who required a calibration during the system pause, which the company said was not the majority of their customers. Still, the impact was real and immediate for those caught in the window. Intoxalock described the incident as a DDoS-style cyberattack, a flood of traffic designed to overwhelm and take its servers offline. The company would not say what kind of cyberattack it was experiencing, such as ransomware or if there was a data breach, or whether it had received any communications from the hackers, including any ransom demands.

In Massachusetts, the damage was visible at street level. George Damato, owner of Juniors Automotive in Middleboro, said he had cars parked in his lot all week that wouldn't start. "It's been pretty hectic with people," Damato said. "I feel bad, but there's nothing we could do about it." Massachusetts gave affected drivers a 10-day extension window to obtain calibrations while the company worked to restore its systems. The Massachusetts Registry of Motor Vehicles confirmed it was aware of the security incident. In Maine, Intoxalock reported approximately 750 customers in the state, though the company said it did not know how many of those were directly impacted.

For customers requiring calibrations, Intoxalock developed a new system app that was pushed to all calibration devices while coordinating with state regulators to provide a temporary solution. The company posted on its status page that "Effective immediately, service centers will be able to give your device a 10-day extension while our systems are being restored," and said it would be waiving charges and fees directly resulting from the event. The extension was not uniform nationwide. Drivers in Tennessee, Washington, and certain other states faced different rules, and the extension did not apply to newer 2001A model devices in Pennsylvania, which are black and distinguishable from the standard gray models, though the company said that affects only a small portion of Pennsylvania users.

Drivers who missed calibrations since March 14 were directed to call Intoxalock Roadside Assistance at 844-226-7522. The company advised that towing costs incurred through a separate service could be reimbursed, provided drivers kept all documentation. SMS support was also available at (424) 724-4689.

The company posted on its website Sunday evening that its systems had been restored. Intoxalock confirmed to Breached Company that full restoration occurred on March 22. In a statement to CBS13, the company said: "Our primary focus continues to be supporting our customers. We are sorry for the inconvenience this has caused and are working diligently to resume our systems and are fully committed to supporting our customers throughout this process."

Service centers returned to fully operational status for standard installation and service appointments, with Intoxalock working with each state on program-specific transition plans as it returns to full service. Drivers seeking current status can visit learn.intoxalock.com/status.

The episode exposed a structural vulnerability that extends well beyond one company's network. The drivers relying on these devices are held to exacting compliance standards and face serious legal consequences for any failure to meet their court-mandated obligations. The vendor that makes their compliance possible faces, as one analysis noted, far less clear accountability. State DMVs sent guidance to judges to extend compliance windows, but that required individual action at the court level rather than a systemic response, a patchwork outcome that regulators and court administrators may not be able to afford the next time a single vendor goes dark.