June 15, 2023
BATON ROUGE, La. – Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses and organizations to be affected by the unprecedented MOVEit data breach.
MOVEit is an industry-leading third party data transfer service used to send large files. It is widely used across the country and around the world, and reports are rapidly emerging of newly discovered exposures of sensitive data in this major international cyber attack.
There is no indication at this time that cyber attackers who breached MOVEit have sold, used, shared or released the OMV data obtained from the MOVEit attack. The cyber attackers have not contacted state government. But all Louisianans should take immediate steps to safeguard their identity.
OMV believes that all Louisianans with a state-issued driver’s license, ID, or car registration have likely had the following data exposed to the cyber attackers:
- Social Security Number
- Eye Color
- Driver’s License Number
- Vehicle Registration Information
- Handicap Placard Information
Gov. John Bel Edwards met with the Unified Command Group at 11 a.m. Thursday to be briefed on the incident, where he instructed the Governor’s Office of Homeland Security and Emergency Preparedness (GOHSEP), Office of Motor Vehicles (OMV), Louisiana State Police (LSP), and the Office of Technology Services (OTS) to act to inform Louisianans of the breach and their best next steps as soon as possible.
We recommend all Louisianans take the following steps immediately:
- Prevent Unauthorized New Account Openings or Loans and Monitor Your Credit
Individuals can freeze and unfreeze their credit for free, which stops others from opening new accounts and borrowing money in your name. Freezing your credit does not prevent the use of any existing credit cards or bank accounts. Freezing your credit may be done quickly online or by contacting the three major credit bureaus by phone:
Please also request and review your credit report from these agencies to look for suspicious activity.
- Change All Passwords
As an additional precaution, consider changing all passwords for online accounts (examples: banking, social media, and healthcare portals) in the event your personal data was used to access these accounts. Utilize multi-factor authentication when able. Learn more about password protection at www.CISA.gov.
- Protect Your Tax Refund and Returns with the Internal Revenue Service
To prevent someone else from filing returns or receiving your federal tax refund, request an “Identity Protection Pin” from the Internal Revenue Service by signing up at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin or calling the IRS at 1-800-829-1040.
- Check your Social Security Benefits
All individuals who are eligible, applied for, and/or are receiving social security benefits (including disability), please consider registering for a ssa.gov account at https://www.ssa.gov/myaccount/ to stop others from stealing your benefits. If you suspect Social Security fraud, call the Office of Inspector General hotline at 1-800-269-0271, Social Security Administration at 1-800-772-1213 or file a complaint online at oig.ssa.gov.
- Report Suspected Identity Theft
If you suspect any abnormal activity involving your data, including financial information, contact the Federal Trade Commission at 1-877-FTC-HELP or visit www.ReportFraud.FTC.gov immediately.
GOHSEP Director Casey Tingle will hold a press conference 6/16/23 at 10:30 a.m. to take media questions.
10:30 a.m. – Press Conference
GOHSEP Press Room
7667 Independence Blvd.
Baton Rouge, LA 70806