DMV data on millions of Americans leaked - make sure you aren't affected in latest MOVEit breach

Craig Hale
·2 min read
1
identity theft
identity theft

The latest in a growing number of organizations affected by a MOVEit vulnerability exploitation is the Department of Motor Vehicles (DMV), with millions of Americans potentially affected.

The new breach affects drivers in the state of Louisiana, where na estimated six million records were compromised.

The affected records relate to Louisianan vehicle registrations and driver's licenses, which is believed to have exposed information including name, address, Social Security Number (SSN), birthdate, height, eye color, driver’s license number, vehicle registration information, and handicap placard information.

Another serious MOVEit breach has happened

As well as the millions of Louisiana residents affected, a further 3.5 million Oregon residents with a driver’s licenses or state ID card have likely had personally identifiable data about them exposed, which Oregon Attorney General Ellen Rosenblum called “distressing.”

Read more

> These are the best firewalls to keep you safe

> The first victims of the MOVEit ransomware attacks have been revealed

> There's a hefty reward in store for those who know about Clop ransomware links

Both states have advised citizens to consider applying a freeze to their credit in anticipation that any personally identifiable information may be used for such purposes, citing the Equifax, Experian, and TransUnion credit agencies as places to do this.

Other recommendations by the states include changing passwords and login credentials, setting up an ‘Identity Protection Pin’ to protect tax returns and refunds, checking that state benefits are unaltered, setting up fraud alerts, and reporting any suspicions of identity theft.

MOVEit was described by Louisiana officials as an “industry-leading third party data transfer service” used by numerous organizations globally, including many government agencies. Recently, the exploitation of a vulnerability in MOVEit’s code has seen an alarming number of data breaches.

Other US federal agencies, like the Department of Energy and the Office of Personnel Management, as well as private organizations like the BBC, Transport for London, and British Airways have been affected globally.

It is believed that CL0P is behind the attacks, which have resulted in huge ransoms and other threats.

A MOVEit spokesperson told TechRadar Pro:

"We remain focused on supporting our customers by helping them take the steps needed to further secure their environments, including applying the patches we have released. We are continuing to work with industry-leading cybersecurity experts to investigate the issue and ensure we take all appropriate response measures. We have engaged with federal law enforcement and other agencies and are committed to playing a leading and collaborative role in the industry-wide effort to combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products."

Via Ars Technica