Millions of people in Louisiana and Oregon have had their personal data compromised following a giant cyberattack that also hit the US federal government, US agencies have announced.
The cyberattack affected at least 6.5 million residents of Oregon and Louisiana, authorities said.
Federal officials suspect a Russian gang was behind the cyberattack.
On Thursday, the US Cybersecurity and Infrastructure Security Agency said several US federal government agencies had been affected.
The agency “provides support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, executive deputy director of the cybersecurity agency (CISA), said in a statement.
“We are working urgently to assess the impacts and ensure a timely correction,” he added.
CISA Director Jen Easterly said she is “confident” that there will be no “significant impacts” on federal agencies.
Several cyberattacks have been reported in the United States for the past two weeks and have hit major American universities and several state governments.
These attacks put pressure on federal officials who have pledged to end the scourge of ransomware attacks that have plagued schools, hospitals and local governments across the United States.
Johns Hopkins University in Baltimore said in a statement this week that “sensitive personal and financial information,” including health billing records, may have been stolen in cyberattacks.
Separately, the Georgia University System, which covers the University of Georgia with its 40,000 students as well as more than a dozen other state colleges and universities, said it was investigating “the extent and severity” of cyberattacks.
A Russian-speaking hacking group known as CLOP claimed responsibility for some of the cyberattacks last week, which also affected employees of the BBC, British Airways, oil giant Shell and the state governments of Minnesota and Illinois. , among others.
New cyberattacks demonstrate the widespread impact a single software flaw can have if exploited by skilled criminals.
Progress, the US company that owns the MOVEit software, urged victims to update their software and issued security advice.