The latest in a growing number of organizations to be affected by exploitation of a MOVEit vulnerability is the Department of Motor Vehicles (DMV), which has the potential to affect millions of Americans.
The new violation affects drivers in the state Louisianawhere an estimated six million records were compromised.
The records affected relate to vehicle registrations and driver’s licenses from Louisiana, which are believed to have disclosed information such as name, address, Social Security Number (SSN), date of birth, height, eye color, driver’s license number, vehicle registration information, and information from disability plates.
Another major MOVEit breach occurred
In addition to the millions of Louisiana residents who have been affected, an additional 3.5 million Oregon residents with a driver’s license or state ID are likely to have had their personal information disclosed, which is the case Oregon Attorney General Ellen Rosenblum called this “troubling”.
Both states, citing credit bureaus Equifax, Experian and TransUnion, have recommended that citizens consider a credit freeze because they believe personal information could be used for such purposes.
Other recommendations from states include changing passwords and login details, setting up an “identity protection PIN” to protect tax returns and refunds, verifying that state benefits are unchanged, setting up fraud alerts and reporting suspicious activity identity theft.
MOVEit has been described by Louisiana authorities as an “best-in-class third-party data transfer service” used by numerous organizations worldwide, including many government agencies. Exploiting a vulnerability in MOVEit code has led to an alarming number of data breaches recently.
Other US federal agencies such as the Department of Energy and the Office of Personnel Management, as well as private organizations such as the BBC, Transport for London and British Airways are affected worldwide.
CL0P is believed to be behind the attacks, which resulted in large ransom payments and other threats.
Tech Radar Pro has reached out to Progress Software, the company behind MOVEit, for further comment on the ongoing data breaches related to its file transfer service, but the company has not responded immediately.
Over Ars Technica
