The personal details of millions of Oregon and Louisiana residents have been exposed after a notorious ransomware gang breached the states' DMV services using a known vulnerability in a popular file-transfer service.
On Thursday, Oregon’s Department of Transportation warned that hackers had breached the state agency’s systems to steal personal details on 3.5 million ID and driver's license holders.
Louisiana’s Office of Motor Vehicles issued a similar alert, saying that “all Louisianans with a state-issued driver’s license, ID, or car registration” had their data exposed to the hackers. Compromised details include Social Security number, address, and driver’s license number.
The departments were breached because both use MOVEit, file-transfer software from the company Progress. Last month, ransomware gang CL0P began exploiting a newly uncovered zero-day vulnerability in the software to steal data from MOVEit databases.
The attacks mean CL0P could potentially breach hundreds of companies and organizations that rely on the file-transfer software. On Thursday, US cyber authorities warned that several federal government agencies had also been compromised, without providing more details.
The fallout could ensnare numerous consumers across the US, especially since CL0P says it will post the stolen information on its dark web site unless it receives a payment. Stolen ID numbers and other personal details can make it easy for fraudsters to commit identity theft scams on vulnerable victims.
The US Cybersecurity and Infrastructure Security Agency (CISA) has been urging companies to patch the MOVEit flaw since