A family-run garage in East Yorkshire has been left reeling after cybercriminals compromised its Driver and Vehicle Standards Agency (DVSA) login details, issuing 170 fraudulent “ghost MOTs” under the company’s name in just seven days.

Automotive Repair Company, based in South Cave, discovered the massive security breach after hackers gained unauthorised access to the workshop’s MOT Testing Service (MTS) account.

The fraudsters used the garage’s identity to generate official pass certificates for vehicles that never entered the workshop bays.

Garage owner Mike Longstaff, who has been an MOT tester for 46 years, expressed disgust over the incident, warning that the scam actively undermines the integrity of honest, hard-working professionals across the independent sector.

Related: Heavy electric vans escape HGV testing in major win for Class 7 testing stations

Both the police and the DVSA interviewed Mike and subsequently confirmed that the business was entirely innocent and had been the victim of a targeted identity fraud.

The sheer volume of the fraudulent activity quickly exposed the breach.

Rachael Longstaff, who manages the MOT centre, uncovered the scam after compiling a list of the unauthorised tests logged under their garage profile.

While a compliant, genuine MOT test requires a physical inspection that takes significant time to complete properly, the fraudsters bypassed normal workshop constraints by running multiple fraudulent sessions simultaneously.

Rachael Longstaff’s log showed independent pass certificates hitting the system data feed just minutes apart, with one vehicle registered at 11:18 and another separate session finalized at 11:22.

The garage suspects the vast majority of the 170 ghost certificates were purchased for older, poorly maintained vehicles unlikely to pass a legitimate inspection.

Related: Over 90,000 hybrids surpass 100,000 miles, MOT data shows

The sudden influx of fake passes highlights a growing black market where motorists simply send vehicle details and a digital payment to online scammers to bypass mandatory safety testing.

The incident has raised questions regarding the core security of the DVSA’s digital platform.

However, the DVSA clarified that this specific case was not the result of a direct cyberattack or a structural hack on their central software infrastructure.

According to the agency, there are no known instances of the MTS system itself being breached.

Instead, the vulnerability lies in a small number of cases where an individual account holder’s private login details are compromised externally, typically through phishing emails, weak passwords, or malware on local workshop devices.

Related: Garage Matters readers call for radical MOT reforms

A DVSA spokesperson confirmed they maintain active monitoring systems to flag unusual account activity and unauthorised access.

The agency stated that once unauthorized access to the MTS platform is identified, they immediately suspend the compromised account and cancel the validity of any ghost MOTs tied to the breach so they are no longer valid on the national database.

The fallout from credential theft extends far beyond the immediate operational stress caused to the innocent workshop team.

There is severe concern across the trade that dozens of unroadworthy, potentially dangerous vehicles are currently driving on UK roads with seemingly clean digital histories.

These vehicles can easily be sold on the secondary market to unsuspecting buyers. Innocent motorists looking for a reliable used vehicle could purchase these cars completely unaware that the safety sheet is fraudulent and that the vehicle has skipped critical safety checks.

How secure are your workshop’s MTS login details? Do you enforce strict digital security habits among your testing staff, or do you think the DVSA needs to introduce tougher biometric or hardware-based login protections to stop this happening to other garages? Share your thoughts in the comments below…