On June 1, the owners of the file transfer software MOVEit notified the Oregon Department of Transportation that their software contained a vulnerability that could lead to hackers obtaining the personal information of Oregon driver’s licenses or ID cards. ODOT said after learning about the vulnerability, it “activated its emergency response procedures” and worked with cybersecurity professionals to secure its system and investigate what information was affected.
By June 1, ODOT confirmed that hackers accessed data from MOVEit that contained the personal information of 3.5 million Oregonians, which includes most Oregon-issued IDs. The information available to hackers includes the names, driver’s license or ID card number, birth dates, addresses and the last four digits of Social Security numbers of nearly all owners of an Oregon ID card. ODOT said that more sensitive financial information, like bank accounts, credit cards or social security numbers, are safe.
The hack at ODOT is one of several carried out by the Russian-based cyber-extortion group Cl0p, though there’s no indication it’s connected to the Russian government. The Louisiana Office of Motor Vehicles, Nova Scotia provincial government, British Airways, the British Broadcasting Company and the U.K drugstore chain, Boots, were also impacted by the hack. In Louisiana, social security numbers were leaked, and the LOMV advised people to freeze their credit cards to guard from identity theft.
Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, told The Washington Post that the hack appears to be opportunistic and “doesn’t present a systemic risk to our national security or our nation’s network.” Cl0p’s online public relations page, which is only accessible on the dark web, posted a notice to companies with leaked data that it will accept ransom to delete the information it obtained. It directed companies to email them to negotiate or it would start sharing data. At the end, it said all data from governments had been deleted.
“PS. If you are a government, city or police service do not worry, we erased all your data. You do not need to contact us. We have no interest to expose such information,” the hackers wrote.
Officials cautioned people impacted not to trust the promises made by the hacking collective. The group emerged in 2019 and has conducted email phishing schemes and extortion for data. Cl0p had access to the data since May, but MOVEit developed fixes to the vulnerabilities shortly after becoming aware earlier this month.
This article appears in Source Weekly June 22, 2023.
MAKE LOCAL JOURNALISM HAPPEN
Republish our articles for free, online or in print, under a Creative Commons license.
charlie-lima-oscar-papa,
charlie-lima-ze ro-papa,
charlie-wun-ze ro-papa.
Which?
The Russians continue to hack our public institutions. Reality Winner sacrificed 4 years of her life to give us the NSA report that revealed Russian cyber espionage targeted against 122 local American election boards in 2016–and the likelihood of a Trump White House coverup. (John Durham, conveniently, saw no merit it adding this item to his investigation.)