Millions of Americans' personal data were exposed in a global hack.

Authorities said the attack affected 3.5 million Oregon and Louisiana residents who held driver's licenses or other identification documents in those states. Casey Tingle, a senior official in the Louisiana governor's office, said Friday that more than 6 million records had been compromised.

The states did not specifically blame anyone for the hack. The hackers exploited a vulnerability in a popular file transfer software called MOVEit, a Massachusetts-based progress software.

Hundreds of organizations worldwide may have had their data exposed after hackers exploited this vulnerability to infiltrate systems in recent weeks. Numerous U.S. federal agencies, including the Department of Energy, were targeted.

Multiple sources told CNN on Friday that the U.S. Office of Personnel Management was also affected by the hack, but the consequences were not serious.

U.S. officials described the cyberattack as an opportunistic hack, financially motivated, and not causing disruption to agency services.

Major corporations, including the BBC, British Airways, and UK universities, were also affected by the attack.

US cybersecurity officials have ordered federal agencies to implement the MOVEit updates, but the update is also believed to have a security vulnerability.

"Several hundred" companies and organizations in the U.S. could be affected by the cyberattack, a senior U.S. official told reporters Thursday. This is also seen as another test of the U.S. government 's ability to respond to cyber incidents.

Hoang Nam (according to CNN)