This story originally appeared in the Oregon Capital Chronicle and is republished here under a CC BY-NC-ND 4.0 license. Read more stories at oregoncapitalchronicle.com.
The personal information of 3.5 million Oregonians with driver’s licenses and state identification cards could be affected by an international data breach.
The breach, acknowledged by the Oregon Department of Transportation in a news release following a story by The Oregonian/OregonLive, involved a vulnerability in a popular file transfer program called MOVEit. It is supposed to allow organizations to securely transfer files and data, but the vulnerability enabled hackers to gain access to entire systems.
Departments of motor vehicles in other states have also been affected, with hackers potentially gaining access to personal information on driver’s licenses, ID cards and automobile registrations. The Oregon release did not mention vehicle registrations, and an Oregon DMV spokeswoman, Michelle Godfrey, did not immediately respond to questions, including whether that information was compromised.
The news release said the agency was unable to identify who was affected by the breach.
No other agencies appear to have been affected. Anca Matica, a spokeswoman for Gov. Tina Kotek, said only the Department of Transportation used MOVEit.
The transportation department said the federal Cybersecurity and Infrastructure Security Agency issued a security alert June 1 about the vulnerability. The state hired an outside contractor to analyze the department’s system. On Monday, the department confirmed that Oregonians’ personal information had been compromised.
“While much of this information is available broadly, some of it is sensitive personal information,” the release said. “Individuals who have an active Oregon ID or driver’s license should assume information related to that ID is part of this breach.”
The release advised residents to monitor their credit reports. By law, everyone is entitled to a free report from each of the three credit agencies, Equifax, Experian and TransUnion. To request a free report, go to www.annualcreditreport.com or call 877-322-8228.
Here’s how to contact the credit monitoring companies:
- Equifax: equifax.com/personal/credit-report-services or 800-685-1111
- Experian: experian.com/help or 888-397-3742
- TransUnion: transunion.com/credit-help or 1-888-909-8872
Residents should check for transactions or accounts they don’t recognize, and if they see strange transactions, call the number on the credit card. The Federal Trade Commission also has information on identity theft at www.consumer.gov/idtheft/.
Credit card companies can freeze cards to prevent future fraud.
Residents can also contact [email protected].
The department said it had alerted law enforcement about the breach.
“As we learn more, affected parties will be notified as required,” the department said.
