Millions of State IDs Stolen in Oregon and Louisiana Due to MOVEit Breach

June 16, 2023

Millions of driver's licenses in Louisiana and Oregon were exposed in a data breach after the Clop ransomware gang hacked their MOVEit Transfer security file transfer systems. The attacks began on May 27th, exploiting a zero-day vulnerability known as CVE-2023-34362. This has led to numerous data breaches worldwide, affecting companies, federal government agencies, and local state agencies.

Both the Louisiana Office of Motor Vehicles and the Oregon Driver & Motor Vehicle Services used the MOVEit Transfer software, which was compromised during these attacks. The Louisiana OMV announced that all Louisianans with a state-issued driver's license, ID, or car registration likely had their data exposed to the threat actors. An alert from the Louisiana OMV stated, "Louisiana's Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses and organizations to be affected by the unprecedented MOVEit data breach."

The exposed personal information includes names, addresses, dates of birth, driver's license numbers, and Social Security numbers. However, there is no evidence that the stolen data has been used, sold, or shared by Clop. In an email earlier this month, the Clop gang claimed they would not attack military, children's hospitals, or government entities, and that such data would be erased. They said, "I want to tell you right away that the military, children's hospitals, GOV etc like this we no to attack, and their data was erased."

Despite this claim, residents of Louisiana should still consider their data at risk and take appropriate measures such as resetting passwords, placing a credit freeze on their bank accounts, and reporting suspicious activities to authorities and card issuers. The Oregon DMV issued a similar statement, revealing that the breach impacted approximately 3.5 million Oregonians with an ID or driver's license.

The Oregon DMV's press release stated, "Since 2015, ODOT has used MOVEit Transfer, a popular file sharing tool created and supported by Progress Software Corp that allows organizations to securely transfer files and data between business partners and customers." The authorities in Oregon are unable to identify specific victims, so all citizens should take precautions and assume their personal data was exposed to cybercriminals.

Although Clop has begun extorting victims of the MOVEit attacks by listing breached companies on their data leak site, no stolen data has been leaked yet. As both the Louisiana and Oregon DMV fall under the government category, it remains to be seen whether the Clop extortionists will keep their promise and delete the stolen data. Regardless, the data could still be sold to other threat actors, so all affected individuals in Oregon and Louisiana should treat their data as at risk, monitor credit reports for identity theft, and be vigilant against possible targeted phishing attacks.

Other organizations that have disclosed MOVEit Transfer breaches include US federal agencies, Zellis (BBC, Boots, and Aer Lingus, Ireland's HSE through Zellis), the University of Rochester, the government of Nova Scotia, the US state of Missouri, the US state of Illinois, BORN Ontario, Ofcam, Extreme Networks, and the American Board of Internal Medicine.

Related News

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.