On Thursday, June 15, the Louisiana Office of Motor Vehicles (OMV) experienced a data security breach resulting in the loss of the personal information of potentially millions of Louisianans due to a global cyberattack involving the exploitation by hackers of a vulnerability in MOVEit Transfer, an electronic file transfer tool developed by Progress Software. In a press release, the OMV announced that it suspects the personal data of all individuals who possess a Louisiana state-issued driver’s license, ID, or car registration may have been exposed to the criminal cyber attackers, a ransomware gang known as “Clop.”

The OMV believes that the  following personal data has likely been exposed to the cyber attackers:

  • Name
  • Address
  • Social Security Number
  • Date of Birth
  • Height
  • Eye Color
  • Driver’s License Number
  • Vehicle Registration Information
  • Handicap Placard Information

The OMV indicated that it hasn’t found any evidence of the stolen data being utilized, sold, shared, or released by the perpetrators. Nevertheless, residents of Louisiana should remain vigilant and guard the safety of their personal information.

This is a serious breach incident. Companies should determine whether customer data may have been breached (including customer data possessed by business partners or service providers that use the exploited software) and should notify customers and regulatory authorities as required by contract, applicable law or regulation.  Individuals should take appropriate measures to safeguard their identities, reset their passwords, implement a credit freeze, enable multi-factor authentication on their financial accounts, and promptly report any suspicious activities to card issuers and, if appropriate, to the Louisiana State Police and the FBI.

Jones Walker’s data security team is available to assist clients or individuals with this or any other data security issues.

Andy Lee is a partner and chair of the firm’s privacy and data security practice. He can be reached at alee@joneswalker.com or 504.582.8664.

Lara Sevener is a partner and a member of the firm’s privacy and data security practice. She can be reached at lsevener@joneswalker.com or 504.582.8529.