In the latest development in the ongoing fallout of the MOVEit Cyber Attack, every driver’s license holder in the US state of Louisiana has been exposed to hackers in the enormous Cyber Attack. Personal details such as; Names, Addresses, and Social Security Numbers, among other sensitive data, are believed to have been exposed, according to a statement issued by Louisiana Governor, John Bel Edwards.
While CI0p has previously stated that they would not exploit any data taken from government agencies, and had assured they had erased such information, their recent actions suggest otherwise. As a precautionary measure, Governor Edwards has urged residents to take steps to protect their identities. These measures include freezing their credit to prevent the opening of new accounts in their names, changing all digital passwords, obtaining a special number from the federal Internal Revenue Service to prohibit someone else from filing tax returns in their names, and reporting any suspected identity theft to authorities. This breach represents a massive impact on the personal security of every driving license holder in the state of Louisiana and could potentially have devastating consequences for members of the public if the data is leaked.
The state of Louisiana is just the latest entity to reveal that they have had data exposed as part of the attack which has already targeted the BBC, British Airways, Boots, the Minnesota Department of Education, U.S. Department of Energy, and more recently PwC Australia, Transport for London, MediBank and many more. British Airways confirmed last week that its employees names, addresses, national insurance numbers, and banking details were exposed because its payroll provider, Zellis, used the MOVEit software. BBC and Boots also confirmed that some of their staff members’ data were compromised due to the same issue. The American Cyber Security and Infrastructure Security Agency has warned that multiple federal government agencies were caught up in the hack but has not provided further details.
Other businesses victimised in the attack included Shell, the University of Georgia’s academic system, Johns Hopkins University, and the Johns Hopkins Health System. As the full extent of the MOVEit cyber attack comes to light, experts have warned that such breaches underscore the vulnerability of government agencies and businesses to Supply Chain Attacks, even if their own security is not directly compromised, highlighting the need for increased investment in security measures, despite existing improvements.
The adoption of Artificial Intelligence and Machine Learning services such as Endpoint Detection & Response has been slow among many businesses despite its vast advantages over existing Anti-Virus solutions which can only protect against known Virus/Malware Signatures which account for only 25%-40% of Malware at any given time. Earlier this year One2Call increased our Minimum Cyber Security Protection Level for all IT Support customers to include Endpoint Detection & Response as a minimum requirement for all customers. We recognised that the Cyber Security Threat Landscape is changing and we knew that to provide the best service to our customers we had to adapt with it. Ransomware attacks have more than doubled over the past few years, and if attacks such as the MOVEit Cyber Attack continue that number is only set to increase.
If you would like to find out more about Endpoint Detection & Response, click the link below. Businesses can also download our FREE Cyber Security Self Assessment form which includes all of the key pillars of a Comprehensive Cyber Security Strategy. We can work with you to go through this self assessment, understand the key pillars and help you protect your business from these latest Cyber Threats.