Louisiana and Oregon are warning that millions of driver’s licenses have been exposed to a data breach after a ransomware gang hacked into their MOVEit Transfer security file transfer systems to steal stored data.

These attacks were carried out by the Clop ransomware operationwho started global MOVEit Transfer server hack on May 27 using a previously unknown zero-day vulnerability identified as CVE-2023-34362.

These attacks have led to numerous data breach disclosures around the world, affecting businesses, federal government agencies, and local agencies.

According to press releases from the Louisiana Office of Motor Vehicles and Oregon Driver & Motor Vehicle Services, both agencies used MOVEit Transfer software, which was hacked in these attacks.

Millions of driver’s licenses stolen

The Office of Motor Vehicles of Louisiana (OMV) announced yesterday that it believes that all Louisianans with a state-issued driver’s license, ID or car registration likely had their data exposed to threat actors.

“The Louisiana Office of Motor Vehicles (OMV) is one of an as-yet-undetermined number of government entities, large businesses, and organizations to be impacted by the unprecedented MOVEit data breach,” explains an alert of the Louisiana OMV.

The OMV says those affected likely exposed the following personal information:

• Name
• Address
• Social Security number
• Date of birth
• Height
• Eye colour
• Driver’s license number
• Vehicle registration information
• Information on the handicap plate

However, the agency says there is no evidence that Clop used, sold, shared or published any of this data, so the stolen data may have been deleted as the ransomware actors promised in their announcement to remove all stolen government data.

“I want to tell you right now that the military, children’s hospitals, GOV, etc., we can’t attack, and their data has been wiped,” the Clop gang told BleepingComputer in an email. earlier this month.

Nevertheless, millions of people living in Louisiana should still consider their data at risk. They are advised to take appropriate measures to protect their identity, reset their passwords, freeze the credit of their bank accounts and report any suspicious activity to the authorities and their card issuers.

The Oregon DMV issued a similar statement and one Press release explaining that its MOVEit Transfer data breach affected approximately 3,500,000 Oregonians with ID or driver’s license.

“Since 2015, ODOT has used MOVEit Transfer, a popular file sharing tool created and supported by Progress Software Corp that allows organizations to securely transfer files and data between business partners and customers,” reads Oregon DMV press release.

“On Monday, June 12, ODOT confirmed that the data accessed contained personal information for approximately 3.5 million Oregonians. While much of this information is widely available, some of it is sensitive personal information. .”

Authorities in Oregon have said they are unable to identify specific victims, so all citizens are advised to take precautions and assume that their personal data has been exposed to cybercriminals.

While Clop started extorting victims of MOVEit attacks listing the hacked companies on the ransomware operation’s data leak site on Wednesday, no stolen data has yet been leaked.

Also, because the Louisiana and Oregon DMVs fall under the government category, it’s too early to tell if Clop’s extortionists will keep their promise and delete the stolen data.

Even if this data is never used in extortion attempts, it is possible that the data is sold to other threat actors.

Therefore, all affected individuals in Oregon and Louisiana should treat their data as at risk, monitor credit reports for identity theft, and remain vigilant against potential targeted phishing attacks.

Other organizations that have previously disclosed MOVEit Transfer violations include US Federal Agencies, Zellis (BBC, Boots and Aer Lingus, Irish HSE via Zellis), the University of Rochester, the Nova Scotia governmentTHE US state of MissouriTHE US state of Illinois, BORN IN Ontario, Ofcam, Extreme networksand the American Board of Internal Medicine.