OMV data hack reveals Louisiana cybersecurity weaknesses | News

A global cyberattack roiling Louisiana’s Office of Motor Vehicles shows how sophisticated digital criminals have become, experts say, as sluggish and bifurcated cybersecurity protocols leave firms and governments scrambling to safeguard peoples’ data.

Cybersecurity researchers, consultants and government officials reacted with alarm Friday as the hack’s effects reverberated in Louisiana and beyond. Every Louisianan with a state-issued driver’s license, ID, or vehicle registration had data exposed in the leak, which targeted a file-sharing software called MOVEit used by an unidentified third-party OMV vendor, officials say.

Names like Equifax and Experian are somewhat synonymous with recent hacks that exposed droves of user data stored by single companies. But the MOVEit breach represents a new kind of hack — one that pierced hundreds, if not thousands, of firms and government agencies worldwide because the file-sharing software is so ubiquitous.

“This could be used to exploit thousands, or tens of thousands, of organizations, God help us, plus the ones they’re sharing data with,” said Andrew Wolfe, a software engineer and computer science professor at Loyola University in New Orleans.

For now, Louisiana officials say OMV appears to be the only state agency affected by the hack, which named among its victims the Oregon Department of Motor Vehicles and British Airways, among dozens of other companies and government agencies.

Louisiana officials first learned of the breach Wednesday evening and issued a press statement the next day announcing that OMV data had been compromised.