Personal data of millions of Americans exposed in global cyber attack — what you need to know

An open lock depicting a data breach
(Image credit: Shutterstock)

Americans from Louisiana and Oregon could be at risk of falling victim to identity theft and other cyberattacks following a massive data breach that occurred last month.

As reported by BleepingComputer, the Clop ransomware gang began exploiting a previously unknown zero-day vulnerability (tracked as CVE-2023-34362) in the popular file transfer software MOVEit Transfer on May 27.

Since this software is used by large companies from a wide variety of industries from finance and education to energy, IT, healthcare and more as well as by government organizations, the impact of this data breach is already being felt worldwide.

Given that the Louisiana Office of Motor Vehicles (OMV) and the Oregon Driver & Motor Vehicles Services both use MOVEit Transfer as part of their operations, Louisiana and Oregon are now warning that millions of driver’s licenses and other state-issued documents have been obtained by the Clop ransomware gang following the attacks from last month.

Unlike with malicious apps or phishing attacks, even if users weren’t taking unnecessary risks online, their personal data is now in the hands of hackers as a result of the MOVEit breach.

State-issued IDs and documents stolen by hackers

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

In a new alert, Louisiana’s OMV revealed that it believes that everyone who lives in the state and has a state-issued driver’s license, ID or car registration likely had their personal data exposed by Clop.

According to the OMV, the full names, physical addresses, Social Security numbers, birth dates, height, eye color, driver’s license numbers, vehicle registration information and handicap placard information of Louisiana residents was exposed. However, the agency says that so far, there has been no indication that the hackers responsible have used, sold, shared or released any of this stolen data yet.

In fact, the Clop ransomware gang may have actually deleted this data as they promised to erase any stolen government data in an announcement put out following the data breach.

Meanwhile, Oregon’s DMV also released a statement along with a press release in which it explained that approximately 3.5 million Oregonians with an ID or driver's license have been impacted as a result of the MOVEit breach. Unfortunately though, the state’s authorities have said that they are unable to identify specific victims at this time which means that all residents of the state will need to take the necessary precautions and assume that the Clop ransomware gang has their personal data.

How to stay safe if your personal data was exposed in the MOVEit data breach

As of now, the Clop ransomware gang has only revealed which companies and organizations have been affected as the result of the MOVEit data breach on its data leak site. None of the data stolen in the breach has been leaked yet but it could be.

We also don’t know whether or not the group will honor its promise to delete stolen government data. For the moment, we’re going to have to take the hackers behind this massive data breach at their word but there are still precautions you can take if you live in either Louisiana or Oregon.

For starters, you want to operate on the assumption that your data was stolen by the Clop ransomware gang. This means that you will need to monitor your credit reports, bank statements and other financial accounts for signs of identity theft. At the same time, you also want to be on the lookout for targeted phishing attacks that may use this stolen data against you or as a lure to pay the hackers responsible.

If you’ve already signed up for one of the best identity theft protection services, they will be able to help you recover your identity as well as any funds lost to fraud. However, you would have needed to be a paying subscriber before the MOVEit breach occurred to take advantage of these protections.

For now though, we should all be extra careful online regardless of whether or not we live in Louisiana or Oregon as US federal agencies and businesses around the world have been impacted by this massive data breach.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.