A cyberattack against Intoxalock, one of the largest U.S. providers of ignition interlock breathalyzers, has left drivers across the country unable to start their vehicles after routine device calibrations lapsed and could not be completed. What began as an IT outage escalated into a real-world mobility crisis for people who must pass an in-car breath test before driving.
The company acknowledged “downtime” following a March 14 incident and said customers may face delays if their devices require calibration. Because many interlocks initiate a lockout when a calibration window expires—a safeguard meant to prevent tampering—drivers have found their vehicles immobilized until the vendor’s systems and service network recover.
What Happened and Who Is Affected by the Outage
Reports from customers and service centers indicate widespread lockouts from New York to Minnesota, with local newscasts in Maine highlighting drivers stranded for days. A Massachusetts shop owner told Boston’s WCVB 5 that multiple cars have sat in the lot all week waiting for calibrations that can’t be processed while systems are offline.
Intoxalock has not said whether the attack involved ransomware or a data breach, nor whether any ransom demand was received. The company’s technology is used in 46 states and it says it serves about 150,000 drivers annually—scale that helps explain the breadth of the disruption now playing out at garages, service centers, and curbside across the U.S.
Customers have described a common pattern: the device signals a required calibration, appointments are missed or cannot be completed due to the outage, and the interlock subsequently blocks the ignition. With vendor systems down, field technicians say they can’t push updates or issue temporary codes that would ordinarily clear the lockout.
How ignition interlock devices work and require calibration
Ignition interlock devices (IIDs) require a breath sample below a preset threshold before a vehicle will start. The devices also log data and prompt periodic “rolling retests” while the car is in motion. To ensure accuracy and prevent circumvention, manufacturers and state programs require regular service and calibration—often every 30 to 60 days, with full recalibrations every few months.
If a calibration window expires, most devices initiate a limited grace period before an enforced lockout. Under normal conditions, a technician updates the device software and sensors at a service center and the car is cleared to operate. When the vendor’s backend is unreachable, that routine process can break down, leaving the vehicle effectively bricked even though nothing is mechanically wrong.
The stakes are high. The National Highway Traffic Safety Administration reports that alcohol-impaired driving deaths reached 13,524 in 2022, accounting for 31% of all traffic fatalities. Public health agencies and advocacy groups widely credit interlocks with reducing repeat offenses; the Centers for Disease Control and Prevention estimates IIDs reduce recidivism by about 70% while installed. The current outage underscores how essential reliability is for safety technology that also functions as a legal compliance tool.
Cybersecurity risks and public safety technology
This incident highlights a growing challenge at the intersection of cybersecurity and transportation: when safety-critical hardware relies on centralized software services, a single vendor outage can cascade into real-world paralysis. The Cybersecurity and Infrastructure Security Agency has repeatedly warned that ransomware and related disruptions targeting transportation and automotive software can trigger far-reaching operational impacts.
Unlike a typical app outage, ignition interlocks are embedded in court-ordered compliance. An unexpected lockout can put drivers at risk of violating probation terms, missing work, or incurring towing and storage fees through no fault of their own. The episode also raises questions about vendor redundancy, offline fail-safes, and continuity planning—areas regulators and state highway safety offices may scrutinize once systems are restored.
Intoxalock has not provided an estimated recovery timeline, and there’s no public indication yet of data compromise. If personal data was accessed, state breach-notification laws could require disclosures to affected customers; if not, the immediate priority remains restoring calibration capability and clearing backlogs at service centers.
Relief steps for stranded drivers during the outage
Drivers impacted by lockouts can document all attempted appointments and communications, retain receipts for towing or storage, and proactively notify their probation officer, court, or monitoring authority about the vendor outage. Several state ignition interlock programs allow extensions or waivers during documented system failures; checking with a state highway safety office can clarify local options.
Service centers may be able to queue calibrations for immediate processing once systems return. Consumers should be cautious about third parties offering “unlock” services—tampering can trigger further lockouts and violations, and may damage the device or vehicle electronics.
What to watch next as recovery and responses unfold
Key developments to monitor include the restoration timeline, any confirmation of the attack type, and potential regulatory responses. States that contract with ignition interlock vendors could move to require stronger business continuity standards, offline calibration contingencies, and clearer consumer protections during outages. For now, the immediate reality is straightforward and frustrating: until the systems behind these breathalyzers are back online, many drivers will remain parked.
