Car dashboard and steering wheel from driver perspective

The bottom line: Hackers flooded Intoxalock's servers on March 14, taking down the ignition interlock system that courts mandate for DUI offenders in 46 states. For nearly a week, thousands of people couldn't start their cars. They weren't drunk. Their monitoring company just got hacked. The company that tracks your location, records your breath samples, and reports everything to authorities? It couldn't keep its own servers running.

A Week Without Wheels

On March 14, 2026, Intoxalock's servers went dark. The Iowa-based company (owned by private equity firm Welsh, Carson, Anderson & Stowe since 2017) provides ignition interlock devices to roughly 150,000 people per year [1].

These aren't optional gadgets. Courts order people convicted of DUI to install them. You blow into a breathalyzer attached to your ignition. If it reads above .02 BAC, your car won't start. Miss a calibration appointment? The device can lock you out entirely.

That's exactly what happened. Intoxalock won't say what type of attack hit them (DDoS, ransomware, or something else) only that hackers "flooded" their servers [2]. By Saturday, March 16, the entire system was down. People with interlock devices installed couldn't start their cars, period.

"Totally Up the Creek"

For nearly a week, affected drivers had no options. One Maine driver told local news: "Anybody that's locked out has remained locked out. There's people that haven't been able to drive since Saturday" [3].

Another said: "I'm really lucky. A lot of other people are not so lucky... just totally up the creek."

Think about what that means. You can't get to work. Can't pick up your kids. Can't make a doctor's appointment. Not because you violated probation, but because the company paid to monitor you got hacked.

Intoxalock finally restored service by Thursday, March 20. That's six days. The company offered a 10-day extension on calibration requirements and promised to cover "costs that are a direct result of this interruption" [4]. Cold comfort if you lost your job because you couldn't show up for a week.

What They Collect on You

Here's the part Intoxalock doesn't emphasize in their marketing. These devices aren't just breathalyzers. They're rolling surveillance systems [5]:

  • GPS location: Many devices track exactly where you drive and where you provide breath samples
  • Breath alcohol readings: Every test, timestamped
  • Photos: Some devices have cameras that photograph you during each test
  • Tampering attempts: Any time the device thinks you're trying to circumvent it
  • Calibration compliance: When you show up for service, when you don't

All of this gets sent to your monitoring authority: courts, probation officers, or state DMVs. Some states require real-time GPS reporting. Others get monthly data dumps during calibration appointments.

The constitutional questions around GPS-enabled interlocks have simmered for years. Minnesota discovered that five licensed manufacturers were installing GPS in devices without telling users [6]. When you attach a tracker to someone's car without their knowledge, that's normally a Fourth Amendment problem. But if it's court-ordered? The rules get murky.

What About the Data?

Intoxalock claims "user data is currently secure" [7]. They haven't confirmed a ransomware demand or data breach. But they also won't say what kind of attack hit them.

The four-day gap between the attack (March 14) and public disclosure (March 18) isn't reassuring. And the company's database isn't just names and addresses. It's a detailed record of where 150,000 Americans drove, when they blew into a breathalyzer, and whether they were drinking.

If that data leaked, it would be a goldmine for blackmailers. Imagine getting a message: "We know you were parked at [address] at 2 AM on these dates. We have photos of you taking the breathalyzer test. Pay up or we send this to your employer."

The Problem with Mandatory Surveillance Tech

This is what happens when courts mandate surveillance technology run by private companies answering to private equity investors. The people being monitored have no choice about which provider to use. They can't switch to a competitor. They're stuck.

And when that provider fails (whether through incompetence, cost-cutting, or a cyberattack) the monitored population bears the consequences. Lost wages. Missed obligations. Potential probation violations through no fault of their own.

Maine's Deputy Secretary of State acknowledged the state was "aware and in contact with the company" [3]. But awareness doesn't help someone stranded without a car. And switching providers mid-program isn't simple. It requires new installations, new calibration schedules, and often more fees.

What Affected Users Should Do

Document everything. Screenshot any error messages. Keep records of days you couldn't drive. Save any communications from Intoxalock.
Contact your probation officer or court. Report the outage. Get written acknowledgment that missed obligations were due to the cyberattack, not your fault.
Track your costs. Intoxalock says they'll cover direct costs. Keep receipts for rideshares, rental cars, lost wages, or other expenses caused by the outage.
Check with your state DMV. Some states have multiple approved interlock providers. You may be able to switch.

References

  1. Intoxalock: About Us
  2. TechCrunch: Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US (March 20, 2026)
  3. WGME: Cyberattack leaves Maine drivers with breathalyzer test systems unable to start vehicles
  4. UpGuard: Intoxalock Investigating Cyberattack (March 20, 2026)
  5. Intoxalock: Why does my ignition interlock device have GPS tracking?
  6. Minneapolis DWI Lawyer: The Constitutionality of GPS Technology in Ignition Interlock Devices
  7. DataBreaches.net: Cyberattack leaves drivers in 46 states unable to start vehicles (March 19, 2026)