Cyberattack on a top ignition interlock device provider leaves drivers stranded across the US

A massive cyberattack on Intoxalock, one of the largest providers of ignition interlock devices (IIDs) in the United States, has effectively "bricked" an estimated 150,000 vehicles across 46 states. The breach, which began on March 14, 2026, has left drivers who rely on these court-mandated breathalyzers unable to start their cars, regardless of their sobriety.

The disruption was caused by hackers overloading the company's central servers, preventing the devices from communicating with the backend systems required for routine calibrations.

Under many state laws, these devices must be calibrated every 30 to 60 days. So when the servers failed, the devices triggered "lockout" safeguards designed to prevent tampering, immobilizing the vehicles.

"This isn't just a technical glitch; it's a mobility crisis," said one stranded driver in Maine. "I've been unable to get to work or take my kids to school for four days. The device that was supposed to keep the roads safe has turned my car into a digital ankle brace."

A logistics nightmare for drivers

While the devices themselves can still process breath samples, they cannot verify the results or process the essential calibration updates while the network is offline. This has led to widespread reports of cars being towed to service centers that are equally powerless to help, as their local diagnostic tools are also locked out of the Intoxalock network.

In response to the crisis, Intoxalock has announced several emergency measures:

• 10-day extensions: Service centers can now issue a 10-day calibration extension for most devices (excluding those in Massachusetts, Maine, Tennessee, and Washington).

• Fee waivers: The company has pledged to waive all charges and fees directly resulting from the outage.

• Towing reimbursement: Drivers forced to tow their vehicles are being told to save all receipts for future reimbursement.

Legal and regulatory fallout

The breach highlights a critical vulnerability in IoT-based legal compliance. Thousands of individuals are now at risk of technically violating their probation or court orders through no fault of their own. State motor vehicle departments in several regions have acknowledged the situation and are reportedly working with Intoxalock to ensure drivers are not penalized for missed calibrations during the outage.

"This is a wake-up call for the entire industry," noted a cybersecurity analyst at Cybernews. "When you have 150,000 mission-critical consumer devices depending entirely on a single cloud infrastructure, you've created a massive single point of failure that can be weaponized."

While Intoxalock maintains that customer personal data remains secure, the company has not yet confirmed if a ransom demand was made or when full system restoration is expected.