The State of Louisiana has experienced an extensive data breach, with six million public records being exposed. The breach was a part of a global attack on the third-party file transfer application, MOVEit. The breach is likely to raise further concerns as the state recently introduced a new law that is increasing the uptake of digital ID – a law that forces adult websites to check the age of all users, with many wanting it rolled out to all social media platforms.
The personal details of every license holder in the state has now been exposed in the breach.
Over the past few years, Louisiana officials and their vendor, Envoc, have been working on the development and implementation of digital driver’s licenses and wallet programs. These programs have included the storage of biometric information related to various licenses, including driver’s and fishing licenses.
According to reports, the Clop ransomware group is behind the Louisiana breach. Although not specifically targeted at mobile driver’s licenses, one can’t ignore the gravity of stealing such sensitive data, especially in a state pushing digital ID.
Oklahoma and Louisiana have been steadfast in rolling out mobile ID programs for close to two years, where these digital documents play nicely with Apple’s and Google’s wallets. Louisiana’s zeal, which led to the issuance of 2.5 million digital IDs, outpaced even California. This breach will hopefully fan the flames of concerns regarding the safety and confidentiality of personal information, which are cornerstones for public buy-in for digital ID programs.