Hackers might have gained access to personal information of residents with driver’s licenses and state ID cards
By Lynne Terry, Oregon Capital Chronicle
The personal information of 3.5 million Oregonians with driver’s licenses and state identification cards could be affected by an international data breach.
The breach, acknowledged by the Oregon Department of Transportation in a news release following a story by The Oregonian/OregonLive, involved a vulnerability in a popular file transfer program called MOVEit. It is supposed to allow organizations to securely transfer files and data, but the vulnerability enabled hackers to gain access to entire systems.
Departments of motor vehicles in other states have also been affected, with hackers potentially gaining access to personal information on driver’s licenses, ID cards and automobile registrations. The Oregon release did not mention vehicle registrations, and an Oregon DMV spokeswoman, Michelle Godfrey, did not immediately respond to questions, including whether that information was compromised.
The news release said the agency was unable to identify who was affected by the breach.
It’s unclear whether any other Oregon agencies have been affected, including the Department of Human Services or the Oregon Health Authority. The Department of Administrative Services did not immediately respond to a request for comment about that while Elisabeth Shepard, a spokeswoman for Gov. Tina Kotek, said she would respond as soon as possible.
The transportation department said the federal Cybersecurity and Infrastructure Security Agency issued a security alert June 1 about the vulnerability. The state hired an outside contractor to analyze the department’s system. On Monday, the department confirmed that Oregonians’ personal information had been compromised.
“While much of this information is available broadly, some of it is sensitive personal information,” the release said. “Individuals who have an active Oregon ID or driver’s license should assume information related to that ID is part of this breach.”
The release advised residents to monitor their credit reports. By law, everyone is entitled to a free report from each of the three credit agencies, Equifax, Experian and TransUnion. To request a free report, go to annualcreditreport.com or call 877-322-8228.
Here’s how to contact the credit monitoring companies:
- Equifax: equifax.com/personal/credit-report-services or 800-685-1111
- Experian: experian.com/help or 888-397-3742
- TransUnion: transunion.com/credit-help or 1-888-909-8872
Residents should check for transactions or accounts they don’t recognize, and if they see strange transactions, call the number on the credit card. The Federal Trade Commission also has information on identity theft at consumer.gov/idtheft/.
Credit card companies can freeze cards to prevent future fraud.
Residents can also contact AskODOT@odot.oregon.gov.
The department said it had alerted law enforcement about the breach.
“As we learn more, affected parties will be notified as required,” the department said.
Lynne Terry has more than 30 years of journalism experience, including a recent stint as editor of The Lund Report, a highly regarded health news site. She reported on health and food safety in her 18 years at The Oregonian, was a senior producer at Oregon Public Broadcasting and Paris correspondent for National Public Radio for nine years.