A vulnerability in the MOVEit file transfer software has led to the infiltration of the personal records of millions of Americans across several states, according to Tech Radar.
The exploit has targeted the Department of Motor Vehicles (DMV) in Louisiana and Oregon. MOVEit software is used globally by several organizations, including many government agencies, and the vulnerability’s code has been connected to several data breaches, the publication added.
Approximately 6 million Louisiana residents have been affected by the cyberattack, with their vehicle registrations and driver’s licenses being exposed. These documents have revealed personal data including their “name, address, Social Security Number (SSN), birthdate, height, eye color, driver’s license number, vehicle registration information, and handicap placard information.”
Oregon has confirmed at least 3.5 million residents have had their driver’s licenses or state ID cards exposed in the breach, for a total of 9.5 million people affected.
Both the states of Louisiana and Oregon have put out advisories to their residents to put a hold on their credit to head off any potential scams that could arise on their personal accounts. Citizens can do so through the Equifax, Experian, and TransUnion credit agencies.
Other standard recommendations include updating passwords and other login credentials on online tax preparation websites and software and establishing an Identity Protection Pin if you haven’t already. Those in the affected states should also ensure that their state benefits have not been tampered with, set up fraud alerts, and report any suspected identity theft.
As mentioned, the Louisiana and Oregon DMV breaches have not been isolated incidents. Other organizations affected by the MOVEit vulnerability include the U.S. Department of Energy and the Office of Personnel Management, the British Broadcasting Corporation (BBC), Transport for London, and British Airways.
Reports indicate that the ransomware group CL0P is behind the attacks. In other cases, organizations have offered up several millions of dollars in ransom to retrieve their data.
MOVEit told TechRadar that it has deployed security patches to its software and is cooperating with cybersecurity experts to help resolve the issue.
Bad actors have become very skilled in identifying exactly what sources are the best to attack. In April, the IRS-authorized tax preparation software service eFile.com suffered a JavaScript malware attack in the middle of tax season.
