Data from millions of people in Louisiana and Oregon were compromised in the expanding cyberattack that also affected the US federal government, state agencies said.
The attack affected 3.5 million Oregonians with driver’s licenses or state identification cards, and anyone with such documentation in Louisiana, authorities said. The Louisiana Governor’s Office did not put a death toll, but more than 3 million people have driver’s licenses in the state, according to public data.
Who is responsible?
The states did not blame anyone in particular for the attack, but federal officials have attributed a broader hacking campaign using the same software vulnerability to a Russian ransomware gang.
The big hack probably exposed data from hundreds of organizations around the world and also compromised several US federal agencies, including the Department of Energyas well as data from large corporations in Britain, such as the BBC and British Airways.
Russian-speaking hackers who claimed credit for the attack have been known to demand multi-million dollar ransoms, although the US and state governments say they did not receive any lawsuits.
exposed data
Data exposed in the attack on the Oregon and Louisiana Departments of Motor Vehicles may include social security numbers and driver’s license numbersprompting state authorities to advise their residents on how they can protect themselves against identity fraud.
There are no signs that the hackers have sold or posted data stolen from the Louisiana Bureau of Motor Vehicles, and the hackers have not contacted the state government, Louisiana Governor John Bel Edwards’ Office said in a statement.
The US Cybersecurity and Infrastructure Security Agency revealed to CNN that several agencies of the US federal government have been attacked.
ransomware gang
Clop, the ransomware gang allegedly responsible, is known to demand multi-million dollar ransoms. But no ransom demands have been made to federal agencies, the senior official told reporters at a background briefing.
Progress Software, the US company that makes the software exploited by hackers, it said it had discovered a second vulnerability in the code and that the company was working to fix it.
The attacks have had no “significant impact” at federal civilian agencies, CISA Director Jen Easterly told reporters, adding that hackers have been “largely opportunistic” in using the software flaw to break into networks.