Cyberattack on U.S. Breathalyzer Company Strands Drivers Nationwide.

A significant cyberattack targeting Intoxalock, a prominent U.S. vehicle breathalyzer company, has triggered widespread disruption, leaving countless drivers across the United States unable to operate their vehicles. The incident, which began on March 14, has incapacitated critical systems, preventing essential device calibrations and effectively locking users out of their cars.

Intoxalock, a leading provider of ignition interlock devices (IIDs), confirmed on its website that it is "currently experiencing downtime" following the cyberattack. These specialized breathalyzer devices are mandated by courts for individuals convicted of driving under the influence (DUI) or similar offenses, requiring a negative alcohol breath sample before the vehicle’s engine can be started. The technology serves as a crucial component in ensuring road safety and fulfilling legal requirements for a substantial segment of the driving population.

Rachael Larson, a spokesperson for Intoxalock, corroborated the occurrence of a cyberattack in a statement to TechCrunch. Larson elaborated that the company proactively responded to the breach by taking measures to "temporarily pause some of our systems as a precautionary measure." While intended to safeguard their infrastructure, this precautionary shutdown has had severe, cascading effects on their vast customer base.

The core of the problem lies in the operational necessity for these breathalyzer devices to undergo regular calibration. Typically, these calibrations are required every few months to ensure the accuracy and functionality of the device, a critical step for compliance with legal mandates. However, the ongoing cyberattack has rendered Intoxalock incapable of performing these vital calibrations. Consequently, customers whose devices are due for, or have missed, their scheduled calibration are now facing significant hurdles, primarily experiencing delays in starting their vehicles or, more critically, complete lockouts.

The real-world impact on drivers has been immediate and severe, as evidenced by numerous accounts shared online and through local media. Users posting on platforms such as Reddit have detailed their frustrating experiences, reporting that their cars are completely unable to start if they miss a calibration deadline, regardless of their current sobriety. These drivers find themselves effectively locked out of their own transportation, creating immense personal and logistical challenges.

The geographic scope of the disruption is extensive, reflecting Intoxalock’s wide operational footprint across the United States. Local news reports from various states highlight the widespread nature of the crisis. In Maine, for instance, drivers have reported lockouts and an inability to start their vehicles due to the system outage, leaving them without essential transportation. Further illustrating the severity, an auto shop in Middleboro, Massachusetts, conveyed to WCVB 5 in Boston that their lot has been filled with stranded vehicles for an entire week, all awaiting Intoxalock service that cannot currently be provided. The issues are not isolated to the Northeast, with news outlets confirming similar situations affecting drivers from New York to Minnesota, underscoring the national scale of the problem. These reports consistently describe drivers unable to commute to work, attend appointments, or manage other essential daily activities because their vehicle-based breathalyzers cannot be serviced or recalibrated.

Despite the significant public impact, Intoxalock has remained tight-lipped regarding specific details of the cyberattack. The company has declined to disclose the precise nature of the cyber incident, leaving open questions as to whether it was a ransomware attack, if a data breach occurred, or if they have received any communications from the perpetrators, including potential ransom demands. This lack of transparency has added to the anxiety and uncertainty among affected drivers and raises concerns about the security posture of critical infrastructure providers.

Intoxalock’s services are integral to the lives of a substantial number of individuals, with the company operating in 46 states and claiming to provide services to an estimated 150,000 drivers annually. This vast network means that the cyberattack has the potential to affect a significant portion of the mandated ignition interlock device user population, leading to widespread disruption in daily routines and potential legal complications for those unable to comply with their device requirements due to technical failures. The inability to start a vehicle can have profound consequences, ranging from job loss and missed medical appointments to difficulties in fulfilling parental responsibilities or other critical obligations.

As of the latest reports, Intoxalock has not provided an estimated timeline for the full recovery of its systems or when normal calibration services are expected to resume. This absence of a clear resolution path leaves thousands of drivers in limbo, facing indefinite periods of immobility and uncertainty. The incident underscores the vulnerabilities inherent in critical digital infrastructure, particularly when it directly impacts essential services and the personal mobility of a large user base, many of whom are under legal obligation to maintain functional devices. The ongoing situation serves as a stark reminder of the far-reaching consequences of cyberattacks on interconnected systems and the urgent need for robust cybersecurity measures and transparent communication from affected entities.