Connect with us

Louisiana

Here’s what to know three weeks after massive data breach hit Louisiana’s OMV

Published

on

Here’s what to know three weeks after massive data breach hit Louisiana’s OMV


A massive cybersecurity breach last month led to the release of six million Louisiana Office of Motor Vehicles records, exposing the names, social security numbers, addresses and birth dates of almost all Louisiana residents.

But the breach could have been much worse — potentially exposing sensitive financial data safeguarded by the state Department of Revenue — had officials acted less quickly to contain it, according to documents and interviews with state officials and cybersecurity experts.

Every Louisianan with a state-issued driver’s license, ID, or vehicle registration had data exposed in the breach, which targeted a third-party file-sharing software called MOVEit. The breach has reverberated globally, as dozens of pharmaceutical firms, media companies and other entities have had their data compromised.

The data teams of several other Louisiana agencies, including the revenue department, use MOVEit to transfer data. But the OMV is the only Louisiana entity to have been affected by the breach, according to information provided by Gov. John Bel Edwards’ office.

Advertisement

Members of CL0P, a ransomware gang thought to be headquartered in Russian-occupied Ukraine, took advantage of MOVEit developers’ plans this spring to install a new “patch” in their software. Having learned of vulnerabilities to that patch, they quickly struck at entities worldwide that use the file-sharing service once the patch was applied, cybersecurity experts say. 

Two days before the Governor’s Office of Homeland Security and Emergency Preparedness announced the breach, officials started to learn the extent of the problem when they realized that CL0P had obtained OMV data through the defective patch. The patch had been applied to servers at the Louisiana Department of Public Safety, which oversees the OMV.

Data obtained by the group was relegated to a single server, GOHSEP officials said.

The state Office of Technology Services links multiple state agencies’ servers under a single umbrella — something the CL0P hackers sought to use to their advantage, said Jacques Berry, a Division of Administration spokesperson.

But as soon as staff learned of the breach, they halted plans to apply the new, defective patch to DOR and other servers’ MOVEit environments, Berry said. Once the CL0P hackers hit the state’s cybersecurity defenses and failed to obtain additional data on other agencies’ servers, they abandoned efforts to target the Louisiana agencies.

Advertisement

Had the patch been applied to other server environments earlier, the breach might have swiftly penetrated deeper into the state’s information network, Berry said.

It’s unclear how much the attack and the state’s response to it has cost taxpayers, if anything. Also unclear is how much the state has spent on cybersecurity in recent years. A public records request to determine that information hasn’t yet been fulfilled.

To remedy the issue, the state applied a new, improved software patch issued by MOVEit’s manufacturer to its servers, according to GOHSEP. It also reconfigured its firewalls to defend itself against internet traffic from MOVEit’s web services.

Some cybersecurity experts have praised the state’s response.

Officials responded well by quickly alerting the public of the hack and advising people to freeze credit accounts, said Andrew Wolfe, a software engineer and computer science professor at Loyola University in New Orleans.

Advertisement

“I felt that this showed that they had done a pretty good job of getting themselves set up for this,” Wolfe said. “They were ready for the disclosure; they were ready to present a report of what the risks were. They gave residents a set of procedures and protective steps that they could take.”

To blame for the incident is the balkanized cybersecurity infrastructure that has emerged as file-sharing and other software has become increasingly common. Hacking strategies are evolving faster than security protocols can keep up, he said.

After the breach, GOHSEP officials said that no state services have been suspended because of the MOVEit vulnerability. They say there are no current plans to suspend any of those services.

A GOHSEP spokesperson referred questions about the breach to a fact sheet released by Edwards’ office about the event. 

Asked if the state could have done more to preemptively fix the situation, GOHSEP officials said the nature of the so-called “zero-day vulnerability” that resulted in the breach would have made earlier mitigation difficult.

Advertisement

“This means that the attackers found a defect with a third-party software product before its manufacturer or other sophisticated cybersecurity professionals became aware,” the fact sheet reads. “Unfortunately, the state of Louisiana, along with countless other entities, both public and private, were impacted by simply being MOVEit customers.”

Staff writer Sam Karlin contributed to this report. 





Source link

Louisiana

Seeking Louisiana Young Heroes for 2025

Published

on

Seeking Louisiana Young Heroes for 2025


Louisiana Public Broadcasting is looking for nominees for its 2025 Louisiana Young Heroes program that identifies exceptional individuals who have excelled in academics, given significantly through public service, overcome adversity,



Source link

Continue Reading

Louisiana

Louisiana prisons routinely hold inmates past their release date, Justice Department argues

Published

on

Louisiana prisons routinely hold inmates past their release date, Justice Department argues


Louisiana’s prison system routinely holds inmates for weeks or months after they were supposed to be released from custody following the completion of their sentences, the U.S. Justice Department said in a lawsuit filed Friday.

The lawsuit against the state comes after a multi-year investigation into a pattern of “systemic overdetention” that violates inmates’ rights and costs taxpayers millions of dollars per year.

Since at least 2012, more than a quarter of the inmates scheduled to be released from Louisiana prisons have been held past their release dates, according to the DOJ.

LOUISIANA LAWMAKERS WEIGHING CONSTITUTIONAL AMENDMENT THAT WOULD SEND MORE JUVENILE OFFENDERS TO ADULT JAILS

Advertisement

Louisiana’s prisons often hold inmates long after they were supposed to be released following the completion of their sentences, the DOJ says. (AP)

The Justice Department warned Louisiana officials last year that it may file a lawsuit against the state if it failed to fix the problems. Lawyers for the department argue that the state made “marginal efforts” to address the issues, noting that such attempts at a fix were “inadequate” and showed a “deliberate indifference” to the constitutional rights of inmates.

“[T]he right to individual liberty includes the right to be released from incarceration on time after the term set by the court has ended,” Assistant Attorney General Kristen Clarke said in a statement.

“To incarcerate people indefinitely … not only intrudes on individual liberty, but also erodes public confidence in the fair and just application of our laws,” the statement added.

DOJ sign

More than a quarter of the inmates scheduled to be released from Louisiana prisons since at least 2012 have been held past their release dates, the Department of Justice said. (Kevin Dietsch/Getty Images)

Louisiana Gov. Jeff Landry and state Attorney General Liz Murrill, both Republicans, attributed the problem to the “failed criminal justice reforms” pushed by “the past administration.”

Advertisement

“This past year, we have taken significant action to keep Louisianans safe and ensure those who commit the crime, also do the time,” Landry and Murrill said in a joint statement to The Associated Press. “The State of Louisiana is committed to preserving the constitutional rights of Louisiana citizens.”

BIDEN CONSIDERS COMMUTING THE SENTENCES OF FEDERAL DEATH ROW INMATES: REPORT

Jeff Landry at CPAC Texas

Louisiana Gov. Jeff Landry speaks at CPAC Texas 2022 conference at Hilton Anatole. (Radin/Pacific Press/LightRocket via Getty Images)

The two state officials also purported that the lawsuit is a last-ditch effort by President Biden, who leaves office next month, arguing that President-elect Trump’s incoming administration would not have pursued the case.

CLICK HERE TO GET THE FOX NEWS APP

Advocates have repeatedly challenged the conditions in Louisiana’s prison system, which includes Angola, the largest maximum-security prison in the nation, where inmates pick vegetables by hand on an 18,000-acre lot. The site was once the Angola Plantations, a slave plantation owned by Isaac Franklin and named after Angola, the country of origin for many of the enslaved people who worked there.

Advertisement

The Associated Press contributed to this report.



Source link

Continue Reading

Louisiana

Army Black Knights Predicted to Beat Louisiana Tech in Independence Bowl

Published

on

Army Black Knights Predicted to Beat Louisiana Tech in Independence Bowl


The Army West Point Black Knights came up short in their last game, as they lost their annual rivalry matchup against the Navy Midshipmen 31-13 to lose the Commander-in-Chief’s Trophy.

But, their season is not yet over, as they will have a chance to finish things on a high note in the Independence Bowl against a new opponent; the Louisiana Tech Bulldogs.

Originally, the Black Knights were supposed to face off against the Marshall Thundering Herd, but a change had to be made after they experienced a mass exodus of players entering the transfer portal following a coaching change.

Based on records, the quality of the opponent would seem to have dropped off considerably. Marshall had 10 victories, while Louisiana Tech had only five.

Advertisement

But, Adam Rittenberg of ESPN still believes that this will be a competitive game in Shreveport, La. in the Bulldogs’ backyard. Louisiana Tech is in Ruston, La., 70 miles away from Shreveport.

He predicted that Army will sneak away with a 23-16 victory.

he Bulldogs have half the number of wins as the Thundering Herd, but their defense can be very stingy at times, and will need to perform against Bryson Daily and the Black Knights. … Army is undoubtedly still smarting from the Navy loss, and top running back Kanye Udoh entered the portal. Louisiana Tech jumps ahead early behind quarterback Evan Bullock, but Army eventually takes control and grinds out a low-scoring win, its 12th on the season.

Rittenberg pointed out that several of LA Tech’s defensive linemen have entered the transfer portal. Udoh just announced his transfer to Arizona State.

This has already been one of the best seasons in program history, as they reached the 11-win mark only one other time in 2018. But, an argument can be made this is their best season since it won its last national championship because it was not independent.

Advertisement

The Black Knights were a member of the American Athletic Conference, the first time since 1998-2004 that they weren’t independent as a member of Conference USA. They found a ton of success, going 8-0 in the regular season before defeating the Tulane Green Wave in the AAC Championship Game in West Point, New York.

Army has shown an ability to grind out wins, playing a physical style of football on both sides of the ball. Daily is the leader offensively, producing with his arm and legs at a high level.

He threw for 942 yards with nine touchdowns and only four interceptions, three of which came in the matchup against Navy. On the ground, he led the AAC with 283 carries, 1,532 yards and 29 scores.

His 29 rushing touchdowns were the most in the country, as he won the 2024 AAC Player of the Year Award.

The Black Knights would love to see Daily provide one more memorable performance to help the team reach the 12-win mark for the first time in program history.

Advertisement



Source link

Continue Reading

Trending