The global cyberattack that was first reported on earlier this week has taken a toll on many governments, schools, and businesses. That includes the states of Louisiana and Oregon, where millions of users' personal data might have been exposed.
The breach has affected 3.5 million Oregonians with driver’s licenses or state ID cards, and anyone with that documentation in Louisiana, authorities said. Casey Tingle, a senior official in the Louisiana governor’s office, said Friday that more than 6 million records were compromised while noting that that number is duplicative because some people have both vehicle registrations and a driver’s license.
These reports, and many others concerning hacker attacks, have happened due to a flaw that was discovered in the MOVEit file transfer software program. That exploit was found and used by one or more hacker groups. One of these groups that is suspected of carrying out these attacks is called CL0P, which is mostly based in Russia.
Reuters reports that The U.S. Department of Energy was among the many government agencies hit by this attack. The group responsible for the attack also reportedly sent random demands to the DOE. It also claims that Cl0p stated on its own website that it does not have any government data and that it does "the polite thing and delete all".
CNN says another agency, the US Office of Personnel Management, was affected by the same cyberattack. However, the same report claims that none of the government data breaches have been labeled as serious. Other large businesses like BBC and British Airways have reportedly been affected by the MOVEIT exploit, according to CNN, along with some schools and colleges like the University of Georgia.
MOVEit's parent company Progress has since issued an alert about the exploit and it also released a patch on June 9 to close the software issue.