Published: July 01, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
Officials from Louisiana have revealed that hackers are responsible for a massive cyber-attack targeting driver’s license and state ID holders in the state. This attack, thought to be an exploit of the MOVEit vulnerability, which also affected prominent entities like the U.S. Department of Energy, British Airways, and the BBC, exposed personally identifiable information (PII) of millions of residents. Louisiana Governor John Bel Edwards stated that names, addresses, and social security numbers of approximately 4.6 million individuals were likely compromised.
As if that isn’t enough, in addition, the hackers likely obtained access to further personal details, including driver's license numbers, vehicle registration data, handicap placard information, birthdates, heights, and eye colors. Essentially all the details needed to commit fraud.
Governor Edwards emphasized that there is no evidence of the hackers selling, using, sharing, or releasing the exposed personal information. However, he urged Louisianans to take precautions to safeguard their identities.
These measures include:
Freezing credit to prevent unauthorized account openings. This can be done free of charge with each credit agency.
Changing all digital passwords. These should be difficult to guess and combine letters, numbers, and special characters. Each account should have its own unique password.
Obtaining a special number from the Internal Revenue Service to prevent tax fraud. It’s called an Identity Protection PIN. Instructions are on the IRS website.
Promptly reporting any suspected identity theft to the authorities, starting with local authorities.
Additional organizations victimized by this attack include Shell, the University of Georgia's academic system, Johns Hopkins University, and the Johns Hopkins Health System. Experts have warned that this extensive breach highlights the vulnerability of U.S. government agencies and other organizations to such cyber threats. And there is no doubt more organizations will be caught out by this vulnerability in the weeks and months to come.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com