The personal information of 3.5 million Oregon citizens has been made public by an Oregon DMV data breach. The Oregonian broke the story of the hack, which was then followed by an ODOT press statement. The organization didn’t explain why it didn’t announce the hack until Thursday in a news statement.
The agency discovered on Monday that the accessible material contained the personal data of around 3.5 million Oregon residents who either have driver’s licenses or state identification cards. According to ODOT, the majority of it is publicly accessible information, but some of it contains delicate personal data.
According to a spokeswoman for ODOT (Ohio Department of Transportation), data from over 90% of Oregon’s state-issued licenses and ID cards were exposed in the attack, according to The Oregonian.
ODOT stated that it is impossible to determine if a specific person’s data was compromised, but that anybody in possession of a valid Oregon ID or driver’s license should assume that their information was exposed and should take precautions including checking their credit reports.
Oregon DMV data breach: How to handle a hacked data situation
Oregon residents who believe they may have been impacted should be aware that they are legally entitled to a free copy of their personal credit report from each of the three major consumer credit reporting agencies, Equifax, TransUnion, and Experian, once a year upon request.
Information regarding the individuals or organizations that have access to a person’s credit history can be found in a credit report. ODOT stated that reports can be obtained by visiting annualcreditreport or by calling 1-877-322-8228.
When the report is received, look for any unfamiliar transactions or accounts and report them by contacting the number provided on the report or going to the FTC’s website at consumer.gov/idtheft.
Your credit files can also be frozen by requesting it from each of the three credit monitoring companies; but, if you subsequently apply for a new loan or line of credit, the freeze could need to be lifted. The following phone lines or websites can be used to seek a freeze:
- Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
- Experian: experian.com/help or 1-888-397-3742
- TransUnion: transunion.com/credit-help or 1-888-909-8872
Sending an email to [email protected] will also get you further information from ODOT. ODOT said it has informed law authorities and is still trying to determine the entire extent of the intrusion.
Worldwide governments and businesses are affected by hacks
ODOT stated that the data breach was caused by a worldwide intrusion of the MOVEit Transfer data transfer platform, which ODOT has been using since 2015 to send information securely between clients and business partners.
On June 1, according to ODOT, the U.S. Cybersecurity and Infrastructure Security Agency released a zero-day vulnerability alert warning that a flaw in MOVEit Transfer had been found that might allow attackers to take control of vulnerable computers.
ODOT claimed to have secured its systems right away, but after consulting with government and private cyber security firms, the organization discovered that several data exchanged via MOVEit had been viewed by unauthorized users.
The BBC, British Airways, and the government of Nova Scotia are just a few of the well-known businesses and government entities that have been damaged by the MOVEit breach, according to ODOT. According to the Associated Press, the Louisiana DMV was also hacked.
The MOVEit breach, which is connected to a Russian cyber-extortion gang, has penetrated several government departments, including the U.S. Department of Energy, according to a story published on Thursday by The Associated Press.
Featured image credit: Clint Patterson on Unsplash