He added that the agency has opened an investigation "out of an abundance of caution" along with federal and state law enforcement agencies.
The DMV allows clients to pay by credit card in online transactions and at self-service terminals at some locations, for transactions such as renewing driver's licenses and vehicle registrations, Botello said in a phone interview.
He declined to release other details about the potential breach, including how many customers might have had their data compromised and the time frame when it might have occurred.
There is no evidence of a direct breach of the DMV's computer system, Botello said in the statement.
(Read more: Hotel data breach went undiscovered for nine months)
"In its investigation, the department is performing a forensic review of its systems and seeking information regarding any potential breach from both the external vendor that processes the DMV's credit card transactions and the credit card companies themselves," the statement said.
The blog Krebs on Security first reported the suspected data breach, citing unnamed sources at financial institutions. It said the potentially compromised transactions occurred between Aug. 2 and Jan. 31 and the data that may have been stolen could include credit card numbers, expiration dates and three-digit security codes.
Representatives from MasterCard, Visa, American Express, and Discover Financial Services could not immediately be reached for comment.
MasterCard spokesman Seith Eisen told the Los Angeles Times the credit card company is "aware of and investigating" reports of a potential breach involving the California DMV.
Last year, some 40 million payment card records were stolen from retailer Target, and Congress is investigating the breach along with lapses at other retailers. Credit card companies have pushed for better security.
Earlier this year, upscale retailer Neiman Marcus said a data breach potentially exposed payment card information at 77 of its 85 stores between last July and October.