An estimated 3.5 million driver’s license and identity card details were exposed when the organization was hacked two weeks ago, the Oregon Driver and Motor Vehicle Services stated on Thursday. The Oregon DMV data breach might be dangerous for many as they have lost their personal information to possible bad actors. If you are one of them, better contact authorities for an official answer.
According to agency spokesperson Michelle Godfrey, the organization discovered on Monday, or four days prior, that the Oregon DMV data breach had affected nearly 90% of the state’s driver’s license and identification card information.
On Wednesday, The Oregonian/OregonLive made initial inquiries about the security compromise; it took DMV officials nearly a day to provide replies. Godfrey stated that the agency wanted to hold off on going public until Friday because officials are still training agency staff on how to respond to inquiries and worries from Oregonians about how to protect themselves.
On June 1, the state officials noticed that they had been hacked, and even though it was pretty late, the systems were shut off after two hours. “But we didn’t have any information about what data may have been affected at that time,” Godfrey said.
ODOT made an announcement about the Oregon DMV data breach
ODOT stated that it is impossible to determine whether a specific person’s data was compromised but that anyone in possession of a valid Oregon ID or driver’s license should assume that their information was exposed and should take precautions, including monitoring their credit reports.
“Good forensic work does take time, and even on June 12, we’re still talking about preponderance of the evidence, enough for us to say there is that we can confirm and actually believe this event is one that’s confirmed and that we are very confident saying happened. Between that time and today [Thursday], we’ve been trying to put in place things to prepare Oregonians for this announcement and to do that the right way, so we didn’t give too much evidence to the actual threat actors who could use verification of their attack as leverage,” said ODOT Chief Information Officer Thomas Amato.
The organization started using the well-known file-sharing program in 2015. The program had a “vulnerability which could allow an attacker to ‘take over an affected system,'” according to a “zero-day vulnerability alert” published on June 1 by the Cybersecurity and Infrastructure Security Agency.
Multiple files had been “accessed by unauthorized actors” before the agency was notified formally, according to a security expert from a third party.
What to do against a data breach?
Look for any transactions or accounts that you do not recognize when you receive your credit reports. Call the number on the credit report if you find anything you don’t understand, or go to the Federal Trade Commission’s Web page on identity theft for further information. You could also want to request that the three credit monitoring companies freeze your credit files.
Experian, Equifax, and TransUnion all have customer support hotlines that may be reached at 1-888-397-3742, 1-800-685-1111, and experian.com/help, respectively.
Oregon residents who believe they may have been impacted should be aware that they are legally entitled to a free copy of their personal credit report from each of the three major consumer credit reporting agencies, Equifax, TransUnion, and Experian, once a year upon request.
Information regarding the individuals or organizations that have access to a person’s credit history can be found in a credit report. ODOT stated that reports can be obtained by visiting Annual Credit Report or by calling 1-877-322-8228.
For more information, contact ODOT via email at [email protected].
Featured image credit: Shahadat Rahman on Unsplash