CNN
—
Millions of people in Louisiana and Oregon had their data compromised Widespread cyber attack It has also hit the US federal government, state agencies said late Thursday.
About 3.5 million Oregonians with driver’s licenses or state identification cards and anyone with those documents in Louisiana were affected by the breach, officials said. Casey Dingle, a senior official in the Louisiana governor’s office, said Friday that more than 6 million records have been compromised, while noting that the number is a duplicate because some people have both vehicle registrations and driver’s licenses.
States have not blamed anyone in particular for the hack, but federal authorities have attributed a broader hacking campaign using the same vulnerability to a Russian ransomware gang.
Hackers exploited a flaw in a popular file transfer software called MOVEit, developed by Massachusetts-based Progress Software.
Hundreds of companies worldwide Their data may have been exposed after hackers used the flaw to infiltrate networks in recent weeks. CNN first reported on Thursday that several US federal agencies, including the Department of Energy, had been breached. US officials described the cyber attack as an opportunistic, financially motivated hack that did not disrupt agency services.
The list of confirmed victims grew Friday afternoon after multinational consulting firm Aon told CNN that files related to “a select number of our clients” were accessed by hackers in the MOVEit breach. Other major corporations, including the BBC and British Airways, as well as universities such as the University of Georgia, were affected by the breach.
Data exposed in the Oregon and Louisiana Departments of Motor Vehicles breach may have included Social Security numbers and driver’s license numbers, prompting state officials to advise their residents on how to protect themselves from identity fraud.
Louisiana Gov. John Bel Edwards’ office said in a statement that there is no indication that the hackers sold or published data stolen from the Louisiana Office of Motor Vehicles, and that the hackers did not contact the state government.
Over the weekend, US authorities and corporate executives across the country continued to hunt for signs of stolen data and try to stop hackers from extorting victims.
“We can’t rely solely on technical and security data related to potential victims [software installations, but also business relationships – contracts, for example – to really understand how bad this is, and how bad it’s going to get,” Munish Walther-Puri, senior director of critical infrastructure at consultancy Exiger, told CNN.
US cybersecurity officials have ordered federal agencies to apply updates from Progress Software, but the recovery process was complicated on Thursday by the discovery of a fresh vulnerability in the software that the company is racing to fix.
Clop, the Russian-speaking hackers that claimed credit, are known to demand multimillion-dollar ransoms, though US and state governments say they have not received any demands. The hackers appear to be focusing their extortion on companies that may pay, adding alleged victims to their dark-web site to pressure them.
One person with direct knowledge of negotiations between Clop and its victims said the hackers had in one case asked for more than $100 million from one corporate victim — an audacious number that was a nonstarter.
The hackers are being “extremely aggressive” in negotiations to try to extort victims, said the source, who spoke on the condition of anonymity because they were not authorized to speak to the press.
“Several hundred” companies and organizations in the US could be affected by the hacking spree, a senior US official told reporters on Thursday. It’s another test of the US government’s ability to respond to a cyber incident that could take months to fully understand.
But after a spike in ransomware attacks in 2021, preparation for potential Russian cyberattacks around the Kremlin’s full-scale invasion of Ukraine and other serious cyber threats, the FBI and US Cybersecurity and Infrastructure Security Agency “are in a pretty good place to handle an influx of notifications and provide assistance,” said Jeff Greene, who was a senior cyber official at the National Security Council until last year.
“I watched firsthand as [those agencies] “We’ve gotten better and better at responding to threats,” Green, now senior director of the Aspen Institute’s cybersecurity program, told CNN.
