WASHINGTON () — A hacking campaign that hit multiple U.S. federal agencies has put tensions between the West and Russia in the spotlight once again.

The hackers, reportedly linked with Russian cybercriminals, took advantage of a security flaw and hacked a widely used file transfer software, exposing the personal data of millions of Americans.

Known victims to date include Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company and the U.K. drugstore chain Boots. The exploited program, MOVEit, is widely used by businesses to securely share files. Security experts say that can include sensitive financial and insurance data.

Louisiana officials said Thursday that people with a driver’s license or vehicle registration in the state likely had their personal information exposed. That included their name, address, Social Security number and birthdate. They encouraged Louisiana residents to freeze their credit to guard against identity theft.

The Oregon Department of Transportation confirmed Thursday that the attackers accessed personal information, some sensitive, for about 3.5 million people to whom the state-issued identity cards or driver’s licenses.

Read Related Also: El Salvador's president registers for reelection despite constitutional objections

The Cl0p ransomware syndicate behind the hack announced last week on its dark web site that its victims, who it suggested numbered in the hundreds, had until Wednesday to get in touch to negotiate a ransom or risk having sensitive stolen data dumped online.

The Energy Department acknowledged the attack in a statement to .

“The U.S. Department of Energy (DOE) takes cybersecurity and the responsibility to protect its data very seriously. Upon learning that records from two DOE entities were compromised in the global cyberattack on the file-sharing software MOVEit Transfer, DOE took immediate steps to prevent further exposure to the vulnerability and notified the Cybersecurity and Infrastructure Security Agency (CISA). The Department has notified Congress and is working with law enforcement, CISA, and the affected entities to investigate the incident and mitigate impacts from the breach,” it read.

The Associated Press contributed to this report.