CNN
—
Millions of people in Louisiana and Oregon had their data compromised Widespread cyber attack It has also hit the US federal government, state agencies said late Thursday.
About 3.5 million Oregonians with driver’s licenses or state identification cards and anyone with those documents in Louisiana were affected by the breach, officials said. The Louisiana governor’s office did not specify the number of victims, but more than 3 million Louisianans hold driver’s licenses, according to public data.
States have not blamed anyone in particular for the hack, but federal authorities have attributed a broader hacking campaign using the same software vulnerability to a Russian ransomware gang.
The sweeping hack may have exposed data from hundreds of companies around the world, and may have compromised data from several US federal agencies, including the Department of Energy, and large corporations such as the BBC and British Airways in Britain. While US and state governments say they have received no demands, Russian-speaking hackers have been known to demand loans for millions of dollars in ransom.
Data exposed in the Oregon and Louisiana Departments of Motor Vehicles breach may have included Social Security numbers and driver’s license numbers, prompting state officials to advise their residents on how to protect themselves from identity fraud.
Louisiana Gov. John Bel Edwards’ office said in a statement that there is no indication that the hackers sold or published data stolen from the Louisiana Office of Motor Vehicles, and that the hackers did not contact the state government.
On Thursday, the US Cybersecurity and Infrastructure Security Agency revealed to CNN that several US federal government agencies were affected.
Glob is said to be in charge of a ransomware gang known to demand multi-million dollar ransoms. But no ransom demands have been made to federal agencies, the senior official told reporters at a background briefing.
On Thursday, US-based Progress Software, whose software can be exploited by hackers, said it had discovered a second vulnerability in its code that the company was working to fix.
The hacks have had no “significant impact” on federal civilian agencies, CISA Director Jen Easterly told reporters, adding that hackers are “largely opportunistic” in using software flaws to break into networks.
