DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Oregon DMV, Louisiana OMV warn residents of MOVEit data breach

Posted on June 16, 2023 by Dissent

Both the Oregon and Louisiana departments of motor vehicles have become victims of the MOVEit hack and millions of drivers and vehicle owners have had their personal information stolen.

Onur Demirkol reports that the Oregon DMV fell prey to the MOVEit hack:

An estimated 3.5 million driver’s license and identity card details were exposed when the organization was hacked two weeks ago, the Oregon Driver and Motor Vehicle Services stated on Thursday. The Oregon DMV data breach might be dangerous for many as they have lost their personal information to possible bad actors. If you are one of them, better contact authorities for an official answer.

The reporter’s recommendation to contact the authorities is somewhat contradicted by the state, though. In a notice by the state, they say, in part:

We do not have the ability to identify if any specific individual’s data has been breached. Individuals who have an active Oregon ID or driver’s license should assume information related to that ID is part of this breach. We recommend individuals take precautionary measures to protect themselves from misuse of this information, such as accessing and monitoring personal credit reports.

The state’s full notice can be found here. It does not list all the data types that may have been accessed or acquired.

Under Oregon law, some driver information is actually a public record — like an Oregonian’s name, address, phone number, and driver’s record.  And under Oregon law, the state can, and actually does, sell that information to certain types of entities. So could criminals set up a fake private investigation service to buy data from the state that could be used in conjunction with the data that has been hacked?   Yes, and hopefully the states will be extra diligent about checking the credentials of any entities that apply to purchase public records data, but even without that data, this is a breach where data may be misused.

Louisiana has also been affected by the breach. The Louisiana Office of Motor Vehicles (OMV) issued a press release that says, in part:

There is no indication at this time that cyber attackers who breached MOVEit have sold, used, shared or released the OMV data obtained from the MOVEit attack. The cyber attackers have not contacted state government. But all Louisianans should take immediate steps to safeguard their identity.

OMV believes that all Louisianans with a state-issued driver’s license, ID, or car registration have likely had the following data exposed to the cyber attackers:

  • Name
  • Address
  • Social Security Number
  • Birthdate
  • Height
  • Eye Color
  • Driver’s License Number
  • Vehicle Registration Information
  • Handicap Placard Information

Gov. John Bel Edwards met with the Unified Command Group at 11 a.m. Thursday to be briefed on the incident, where he instructed the Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), Office of Motor Vehicles (OMV), Louisiana State Police (LSP), and the Office of Technology Services (OTS) to act to inform Louisianans of the breach and their best next steps as soon as possible.

Read more of the press release and recommendations at Louisiana’s Warned of Data Leak from Office of Motor Vehicles.

Update: Louisiana believes about 6 million driver’s license and other OMV records were involved.

Category: Government SectorHackU.S.

Post navigation

← Energy Department and other federal agencies affected by MOVEit breach
Detained for DDoS attacks as part of the next edition of the international “Power Off” operation →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.