Millions of driver’s licenses have been exposed in a data breach affecting Louisiana and Oregon, as the Clop ransomware gang targeted their MOVEit Transfer file transfer systems.
These attacks, which began on May 27th using a zero-day vulnerability, have resulted in widespread data breaches impacting various companies, federal government agencies, and local state agencies worldwide. Both the Louisiana Office of Motor Vehicles and the Oregon Driver & Motor Vehicle Services confirmed that they used the compromised MOVEit Transfer software.
While the stolen data, including personal information such as names, addresses, and social security numbers, may have been deleted as promised by the hackers, affected individuals are advised to take precautions and protect their identities.
The Louisiana Office of Motor Vehicles believes that all individuals with a state-issued driver’s license, ID, or car registration may have had their data exposed in the unprecedented MOVEit data breach.
Although there is no evidence that the Clop gang utilized or released the stolen data, residents are urged to take measures to safeguard their information and report any suspicious activities. Similarly, the Oregon Driver & Motor Vehicle Services announced that approximately 3.5 million Oregonians with an ID or driver’s license were impacted by the MOVEit Transfer breach.
As specific victims cannot be identified, citizens are advised to assume their personal data was exposed and remain vigilant against potential targeted phishing attacks.
While the Clop ransomware gang initiated extortion attempts against victims of the MOVEit attacks, no stolen data has been leaked thus far. It remains uncertain whether the hackers will uphold their promise to delete the stolen government data.
Even if the data is not used for extortion purposes, there is a risk of it being sold to other malicious actors. As a result, individuals in Louisiana and Oregon are urged to consider their data at risk, monitor their credit reports for signs of identity theft, and take necessary precautions.
Notable organizations that have disclosed MOVEit Transfer breaches include various US federal agencies, Zellis, the University of Rochester, and the government of Nova Scotia, among others.
