HQ/EMEAFind out how we can help your business
A ransomware group performed a data breach attack against the Louisiana and Oregon MOVEit security file transfer systems to steal stored information. Based on reports, the hack nabbed millions of driver’s licenses from the two states.
The attack resulted in the widespread disclosures of information worldwide that impacted numerous companies, local state agencies, and federal government organisations.
The MOVEit flaw allowed the threat actors to steal millions of driver’s licenses through a data breach.
According to an investigation, the MOVEit vulnerability enabled the attackers to acquire troves of data from the citizens of Louisiana through state-issued driver’s licenses, car registration and IDs.
The confirmed information acquired by the threat actors includes primary data such as names, addresses, date of birth, height, and handicap placard information. In addition, the stolen Louisianian data also contained social security numbers, driver’s license numbers, and vehicular registration information.
However, the investigation stated that there is yet an indication that the Clop ransomware group sold, shared, or misused the stolen data. Hence, the group may have deleted the stolen information since they promised to remove all government data stolen from their attacks.
Unfortunately, millions of Louisiana residents still think their data is at risk. Hence, researchers advised that they take appropriate steps to safeguard their identity. Some measures include resetting passwords, putting a credit freeze on their bank accounts, and reporting any unwanted activities or card issues to authorities.
On the other hand, Oregon also released a similar statement. It organised a press release confirming that its MOVEit Transfer tool suffered a data breach and impacted about 3.5 million individuals in their state.
However, law enforcement agencies in Oregon claimed they do not have confirmation of any stolen details, preventing them from identifying specific victims. Hence, all citizens should first take precautions and expect that their information could land in the hands of the attackers.
Cl0p began extorting victims of the MOVEit flaw last week by listing breached companies on their data leak website. Fortunately, there is yet a data leaked by the group. Therefore, affected individuals from the two states should consider their data at risk.
