Data breach could affect 3.5 million Oregonians
Hackers might have gained access to personal information of residents with driver’s licenses and state ID cards
Oregonians with driver’s licenses or state ID cards should monitor their credit follow a data breach. (Joe Raedle/Getty Images)
UPDATED at 8:13 p.m. June 15, 2023 with statement from Gov. Tina Kotek’s office, at 11:15 a.m. June 16, 2023 with a transportation department response and at 3:07 p.m. June 16, 2023 with at attorney general comment.
The personal information of 3.5 million Oregonians with driver’s licenses and state identification cards could be affected by an international data breach.
The breach, acknowledged by the Oregon Department of Transportation in a news release following a story by The Oregonian/OregonLive, involved a vulnerability in a popular file transfer program called MOVEit. It is supposed to allow organizations to securely transfer files and data, but the vulnerability enabled hackers to gain access to entire systems.
At least some departments of motor vehicles in other states have also been affected, with hackers potentially gaining access to personal information on driver’s licenses, ID cards and automobile registrations. An Oregon DMV spokeswoman, Michelle Godfrey, responded on Friday, a day after the Capital Chronicle sent her a query, that vehicle registration information had not been compromised.
The breach is serious and distressing, Attorney General Ellen Rosenblum said Friday in a statement:
“Your driver’s license contains plenty of information about you, including your birthdate, home address and even your height, weight, and eye color. Scammers can use some of this information to steal your identity and apply for credit cards, loans, and unemployment benefits in your name,” the statement said.
The transportation department was unable to identify who was affected by the breach.
No other agencies appear to have been affected. Anca Matica, a spokeswoman for Gov. Tina Kotek, said only the Department of Transportation used MOVEit.
The transportation department said the federal Cybersecurity and Infrastructure Security Agency issued a security alert June 1 about the vulnerability. The state hired an outside contractor to analyze the department’s system. On Monday, the department confirmed that Oregonians’ personal information had been compromised.
“While much of this information is available broadly, some of it is sensitive personal information,” the release said. “Individuals who have an active Oregon ID or driver’s license should assume information related to that ID is part of this breach.”
The release advised residents to monitor their credit reports. By law, everyone is entitled to a free report from each of the three credit agencies, Equifax, Experian and TransUnion. To request a free report, go to www.annualcreditreport.com or call 877-322-8228.
Here’s how to contact the credit monitoring companies:
- Equifax: equifax.com/personal/credit-report-services or 800-685-1111
- Experian: experian.com/help or 888-397-3742
- TransUnion: transunion.com/credit-help or 1-888-909-8872
Residents should check for transactions or accounts they don’t recognize, and if they see strange transactions, call the appropriate banks or credit card company to report them. The Federal Trade Commission also has information on identity theft at www.consumer.gov/idtheft/.
“If you act quickly, you likely will not be responsible for charges made on fraudulent credit cards you didn’t apply for, and you may not have to pay back loans that thieves took out in your name,” Rosenblum’s statement said.
Credit card companies can freeze cards to prevent future fraud.
Residents can also contact [email protected].
The department said it had alerted law enforcement about the breach.
“As we learn more, affected parties will be notified as required,” the department said.
GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX
Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site.