6 million OMV records exposed in massive cyber attack, Louisiana officials warn
Louisiana Office of Motor Vehicles and state officials warned on Thursday that all residents with a state-issued driver’s license, ID or car registration likely had sensitive information exposed to hackers in a major cyber attack on MOVEit — a third party file transfer software that is used by governments and companies across the world.
State officials said the attack exposed about 6 million OMV records. The Governor’s Office of Homeland Security and Emergency Preparedness director Casey Tingle said some of those are duplicative because many residents have multiple documents on file with the OMV.
Names, addresses, social security numbers, height, and eye color are all among the list of vulnerable data the OMV believes were exposed to the attackers.
It is unknown whether the hackers have sold, shared, used or released any data, and officials said the attackers have not contacted the state government.
Tingle said in a press conference on Friday morning that officials do not believe Louisiana was the focus of the widespread attack. MOVEit was at the center of an international data breach that affected universities, companies and multiple U.S. government agencies.
Still, they are urging all Louisianans to take steps to keep their personal information safe, like monitoring credit cards and changing passwords. Officials are also encouraging residents to be sure they have an identity protection pin with the Internal Revenue Service and to check their social security benefits.
The attack has been called “unprecedented” by officials who do not yet know how many agencies the breach affected. Tingle said they have no reason to believe any other Louisiana entity was hit by the attack.
Here are the steps officials suggest taking to keep your information safe:
Monitor and freeze your credit cards and accounts. Officials said it is most important for residents to monitor and freeze their credit. Freezing credit only prevents others from opening new accounts and borrowing money in your name. It does not prevent you from using current credit cards or accounts. To freeze your credit, you can contact the three major credit bureaus by phone or visit their website:
- Change all passwords. Officials said they know passwords were not among the information exposed in the attack, but they are suggesting Louisianans change them as a best practice and recommend doing so every 90 days. They urge residents to consider changing all online passwords, including those to banking accounts, social media and health care portals.
- Protect tax returns with an identity protection pin from the Internal Revenue Service. To prevent others from filing your returns or receiving your refunds, officials suggest requesting an identity protection pin from the Internal Revenue Service.
- Check social security benefits. All residents who are eligible for, applied for or receive social security benefits should consider registering for an account to prevent others from stealing your benefits. If you suspect fraud, you should call the Office of Inspector General hotline at 1-800-269-0271, Social Security Administration at 1-800-772-1213 or file a complaint online.
- Report suspected identity theft. Finally, officials are asking Louisianans to report any suspected identity theft. If you suspect abnormal activity involving your data or financial information, you should contact the Federal Trade Commission at 1-877-FTC-HELP or file a report on the FTC website immediately.
No other information has been provided at this time. Officials say the investigation is ongoing.