Saturday, 24 June 2023

Over 6M public records from motor vehicles office in Louisiana exposed to MOVEit hackers

 The Office of Motor Vehicles (OMV) in Louisiana recently suffered a massive data breach that exposed over six million public records containing details of state-issued IDs, driver's licenses, auto registrations, handicap placards and even government benefits' information.

The hacking operation was part of a global attack on the third-party file transfer application, MOVEit. The incident happened after the Pelican State introduced a new law increasing the uptake of digital ID, raising concerns among residents who fear that their internet activity might be monitored or exposed in case of a cyberattack.

In a statement, the Governor's Office of Homeland Security and Emergency Preparedness (GOHSEP) said there is no indication hackers have used, shared or released the data obtained from the OMV in the attack.

According to reports, the Clop ransomware group is behind the cyberattack. The cybercriminals have not yet contacted the state government regarding their latest data breach.  

The state government has been working with software company Envoc on the development and implementation of digital driver's licenses and wallet programs that would entail the storage of biometric information related to various licenses, including that of drivers and fishers.

Like Louisiana, Oklahoma has also steadfastly rolled out mobile ID programs for nearly two years, where the digital documents are compatible with Big Tech Apple's and Google's wallets.

GOHSEP urges residents to check on Social Security and other government benefits

The Louisiana local government immediately recommended that all residents should take immediate steps to safeguard their identity, mainly since sensitive information could be used in criminal activities. It was highly likely that their names, addresses, birthdays, heights, eye color, license numbers, vehicle registration information, handicap placard information and most notably their Social Security numbers were made available to the hackers.

GOHSEP advised residents to check out an official Louisiana government website, NextSteps.La.Gov, for information on how to protect information and what to do if fraud is suspected. New actions to take are available on the said website, including monitoring additional government benefits.

"We know that many people have many questions about what happened and the updated information on the website is designed to provide answers to help everyone better understand how the state is responding and what they can do to protect their personal information," said GOHSEP Director Casey Tingle. "Everyone should take this seriously and implement the protective measures."

When asked about the current level of security, Tingle said the software has already been updated with the patches the vendor has put out. He added that they are also in constant contact with the federal partners to identify the scope and severity of the data breach incident and will continue to provide any new information as it becomes available.

According to Tingle, suspected fraud activity on credit reports or identity theft can be reported to the U.S. Federal Trade Commission and the Consumer Protection Division of the Louisiana Attorney General's Office.

Meanwhile, the OMV's website recommended that all Louisianans take the following steps immediately: prevent unauthorized new account openings or loans, monitor credit and change all their passwords. The office also urged to protect tax refunds and returns with the internal revenue service, check social security benefits and report suspected identity theft.

No comments:

Post a Comment