Millions impacted as state officials warn residents to protect themselves from data breach
BATON ROUGE - State leaders are alerting Louisianans to a data breach that compromised information on record at the Louisiana Office of Motor Vehicles, potentially affecting anyone with a Louisiana driver's license.
The breach impacted millions of people across multiple states, specifically Louisiana and Oregon, where their respective motor vehicle departments had data compromised.
The Governor's Office of Homeland Security and Emergency Preparedness held a press conference Friday morning saying the state first discovered the severity of the breach Wednesday night.
According to GOHSEP Director Casey Tingle, anyone with a state-issued driver's license, ID or car registration likely had their data compromised. As of Friday, the state says there is no indication the data has been publicly released.
Though it did not appear that any passwords were leaked in the breach, Tingle recommended that residents change their passwords, as well as take other security precautions.
It's unclear whether the breach affects anyone who held a Louisiana ID in the past, though they should also take steps to protect themselves.
Trending News
The breach at the OMV is reportedly part of a larger cyberattack affecting agencies across the U.S. and even other countries. Federal agencies, including the Department of Energy, were also impacted.
"The Office of Motor Vehicles in particular is a very legacy-facing organization, they have not modernized and kept pace. When you have data technology and a dated method of investigating and updating, patching and staying in tune to what's happening, you're really in a bad position," Executive Vice President of the New Orleans Information and Technology Group Tammy Baker said.
Read the news release from the Governor's Office of Homeland Security and Emergency Preparedness below.
Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses and organizations to be affected by the unprecedented MOVEit data breach.
MOVEit is an industry-leading third party data transfer service used to send large files. It is widely used across the country and around the world, and reports are rapidly emerging of newly discovered exposures of sensitive data in this major international cyber attack.
There is no indication at this time that cyber attackers who breached MOVEit have sold, used, shared or released the OMV data obtained from the MOVEit attack. The cyber attackers have not contacted state government. But all Louisianans should take immediate steps to safeguard their identity.
OMV believes that all Louisianans with a state-issued driver’s license, ID, or car registration have likely had the following data exposed to the cyber attackers:
-Name
-Address
-Social Security Number
-Birthdate
-Height
-Eye Color
-Driver’s License Number
-Vehicle Registration Information
-Handicap Placard Information
Gov. John Bel Edwards met with the Unified Command Group at 11 a.m. Thursday to be briefed on the incident, where he instructed the Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), Office of Motor Vehicles (OMV), Louisiana State Police (LSP), and the Office of Technology Services (OTS) to act to inform Louisianans of the breach and their best next steps as soon as possible.
We recommend all Louisianans take the following steps immediately:
1. Prevent Unauthorized New Account Openings or Loans and Monitor Your Credit
Individuals can freeze and unfreeze their credit for free, which stops others from opening new accounts and borrowing money in your name. Freezing your credit does not prevent the use of any existing credit cards or bank accounts. Freezing your credit may be done quickly online or by contacting the three major credit bureaus by phone:
Experian 1-888-397-3742 www.experian.com/freeze |
Equifax 1-800-685-1111 www.equifax.com/personal/ |
TransUnion (888) 909-8872 www.transunion.com/credit- |
Please also request and review your credit report from these agencies to look for suspicious activity.
2. Change All Passwords
As an additional precaution, consider changing all passwords for online accounts (examples: banking, social media, and healthcare portals) in the event your personal data was used to access these accounts. Utilize multi-factor authentication when able. Learn more about password protection at www.CISA.gov.
3. Protect Your Tax Refund and Returns with the Internal Revenue Service
To prevent someone else from filing returns or receiving your federal tax refund, request an “Identity Protection Pin” from the Internal Revenue Service by signing up at: https://www.irs.gov/identity-
4. Check your Social Security Benefits
All individuals who are eligible, applied for, and/or are receiving social security benefits (including disability), please consider registering for a ssa.gov account at https://www.ssa.gov/myaccount/ to stop others from stealing your benefits. If you suspect Social Security fraud, call the Office of Inspector General hotline at 1-800-269-0271, Social Security Administration at 1-800-772-1213 or file a complaint online at oig.ssa.gov.
5. Report Suspected Identity Theft
If you suspect any abnormal activity involving your data, including financial information, contact the Federal Trade Commission at 1-877-FTC-HELP or visit www.ReportFraud.FTC.gov immediately.
The State of Louisiana will be issuing additional information in the coming days. Additional tips on protecting your data and identity can be found at nextsteps.la.gov and www.
GOHSEP Director Casey Tingle will hold a press conference tomorrow at 10:30 a.m. to take media questions.