The latest in a growing number of organizations affected by a MOVEit vulnerability exploitation is the Department of Motor Vehicles (DMV), with millions of Americans potentially affected.
The new breach affects drivers in the state of Louisiana, where na estimated six million records were compromised.
The affected records relate to Louisianan vehicle registrations and driver’s licenses, which is believed to have exposed information including name, address, Social Security Number (SSN), birthdate, height, eye color, driver’s license number, vehicle registration information, and handicap placard information.
Another serious MOVEit breach has happened
As well as the millions of Louisiana residents affected, a further 3.5 million Oregon residents with a driver’s licenses or state ID card have likely had personally identifiable data about them exposed, which Oregon Attorney General Ellen Rosenblum called “distressing.”
Both states have advised citizens to consider applying a freeze to their credit in anticipation that any personally identifiable information may be used for such purposes, citing the Equifax, Experian, and TransUnion credit agencies as places to do this.
Other recommendations by the states include changing passwords and login credentials, setting up an ‘Identity Protection Pin’ to protect tax returns and refunds, checking that state benefits are unaltered, setting up fraud alerts, and reporting any suspicions of identity theft.
MOVEit was descrived by Louisiana officials as an “industry-leading third party data transfer service” used by numerous organizations globally, including many government agencies. Recently, the exploitation of a vulnerability in MOVEit’s code has seen an alarming number of data breaches.
Other US federal agencies, like the Department of Energy and the Office of Personnel Management, as well as private organizations like the BBC, Transport for London, and British Airways have been affected globally.
It is believed that CL0P is behind the attacks, which have resulted in huge ransoms and other threats.
TechRadar Pro has reached out to Progress Software, the company behind MOVEit, for further comment on the ongoing data breaches linked to its file transfer service, but the company did not immediately respond.
Via Ars Technica